|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008648||New issues||Scripting||public||2014-11-22 16:21||2017-05-18 19:24|
|Summary||0008648: [Request] Allow clientside fetchRemote to access other servers|
|Description||I guess this doesn't need to be explained. MTA becomes REALLY limited when you can't access outside world directly from the client. |
Some services require the same IP to be used everywhere. Example: you want to make a music player. Fine, we can request the list of links via php or via the server's fetchRemote, but if the links are sent clientside, the links can't be played due to API limitations (different IP = different link). Here worldwide clientside fetchRemote comes in really handy. I don't really understand the point of this "limit" and this limit should be removed.
|Tags||No tags attached.|
edited on: 2014-11-23 12:42
I also don't really understand why clientside fetchRemote is so limited. You can already use events to send to clients any data (even malicious ones) returned by serverside fetchRemote. Perhaps it's blocked in the client due to unexpected DNS resolving being possible, but I think that scripts should be able to deal with that checking received data hash (you can't do anything that can damage a client's computer with current MTA functions).
1) the possibility of using MTA clients as a ddos weapon
2) the possibility of downloading large things to MTA clients and is mitigated by the fact you have to use your own bandwidth, not someone elses
edited on: 2014-11-23 16:19
1. What's the problem of restricting those requests rather than simply blocking all of them?
2. We can download stuff to clients with events, fetchRemote is not really the only method to do that.
edited on: 2015-03-17 22:32
1) ddos can also be achieved via playSound function, which does not restrict ip.
I would love client-side fetchRemote to support other servers (and also https) to support Spotify's local server (http://cgbystrom.com/articles/deconstructing-spotifys-builtin-http-server/ [^] )
cef3 integration might also allow it, but this would be a more direct approach. Which requires custom 'origin' header though (normal browser ignore such headers and also provide their own for security reasons).
|As far as CEF is getting implemented, isn't it worth making fetchRemote cross-domain too? Browsers have the same functionaliy anyway, just without interface.|
|Hmmm vc89, nice find.|
Why I think it is available to access other server is that
if fetchRemote use TCP protocol
1.Nobody want to use it to launch a tcp ddos attack because it is easy to fright against TCP ddos attack
2.We can use web browser's whitelist and blacklist to solve security problem.
So make fetchRemote access other server is reasonable
|fetchRemote has recently been updated to work with CEF whitelists|
|and this is duplicated https://bugs.multitheftauto.com/view.php?id=9474 [^]|
|2014-11-22 16:21||Gallardo9944||New Issue|
|2014-11-22 17:30||arranTuna||Severity||tweak => feature|
|2014-11-22 17:30||arranTuna||Summary||Allow clientside fetchRemote to access other servers => [Request] Allow clientside fetchRemote to access other servers|
|2014-11-23 12:42||AlexTMjugador||Note Added: 0022554|
|2014-11-23 12:42||AlexTMjugador||Note Edited: 0022554||View Revisions|
|2014-11-23 12:45||Cazomino05||Note Added: 0022555|
|2014-11-23 15:26||Gallardo9944||Note Added: 0022559|
|2014-11-23 16:19||Gallardo9944||Note Edited: 0022559||View Revisions|
|2015-02-06 11:56||arranTuna||Relationship added||has duplicate 0007713|
|2015-03-15 21:50||vx89||Note Added: 0023092|
|2015-03-17 22:32||vx89||Note Edited: 0023092||View Revisions|
|2015-03-25 19:44||Gallardo9944||Note Added: 0023123|
|2015-03-25 19:49||Woovie||Note Added: 0023124|
|2015-03-25 20:02||qaisjp||Note Added: 0023125|
|2017-05-07 02:33||thisdp||Note Added: 0025912|
|2017-05-07 02:56||ccw||Note Added: 0025913|
|2017-05-07 02:56||ccw||Status||new => resolved|
|2017-05-07 02:56||ccw||Resolution||open => fixed|
|2017-05-07 02:56||ccw||Assigned To||=> Jusonex|
|2017-05-07 03:08||thisdp||Note Added: 0025915|
|2017-05-07 03:17||thisdp||Note Added: 0025916|
|2017-05-18 19:24||qaisjp||Relationship added||related to 0009474|
|Copyright © 2000 - 2017 MantisBT Team|