Demonstrates how to send messages to Discord via Webhook.
5/6/2019 - KeyInfo now applies ckey(). (Lummox JR)
ID:2462377
 May 3 2019, 9:00 pm
|
|
|
May 6 2019, 4:31 am
|
|
VolAs
 |
It's not a good idea to give client an hook url. Knowing the address client can abuse it.
|
In the code the client doesn't have access to the hook URL; only the server does. As long as the game isn't one that's distributed and you control hosting in-house, there shouldn't be an issue.
| |
Still, the server sends url to client to execute js script.
While the request to discord api is executed by the client, client can intercept and analyze this request with some special programs. Another variant is perhaps get address by manipulating client's cache/skin. In the demo though it's hard to achieve, but in some cases it is still an option. It's better to use for this some server side script with shell() or library with call() | |
Oh, you make a good point there. The JS in the implementation does tend to eliminate the possibility of keeping it all on the server.
| |
Most apis are https only for security reasons (not sending the auth credentials in plain text keeps them from having to deal with support tickets related to snooped credentials)
Unsecure hacks like this are going to be standard up until byond gets native https support, as well as http method and header support. In current byond, its impossible to use most apis. | |