Right now, it’s currently not possible to insert models into your game by script without them being in your’s or Roblox’s inventory. This makes it impossible to create a flexible custom maps feature without the extreme effort of taking into your inventory every single map people would like to insert.
I believe this is a very necessary change to this function:
Allow insertion of any model that is in your’s or Roblox’s inventory, and also any asset that allows copying, aka. is a free model/asset.
The last part currently does not exist, and makes a ton of things completely impossible or just too laborious to consider. I believe that the security risks of this are not nearly enough to warrant enforcing this security on Models too. For other assets, I can understand. But models/decals, at the very least, those are the core of Roblox, and the fact they cannot be inserted via. script without you or Roblox owning them is extremely limiting.
I really really hope this gets changed, because it frustrates me, and likely many others. In the meantime, I’m looking to find another way to do this, no matter how hacky.
I remember when this used to be a feature, but got changed to it’s current functionality. I believe that the change was for safety and security reasons. It wasn’t much of a problem at the time, and I haven’t seen other devs be concerned by this. Could you explain your particular use-case?
I own a game called Parkour, and it has a unique movement system that I decided would be fantastic for players to create their own maps and obstacle courses for.
My current use case in theory allows a player to create a map following formatting guidelines, publish it to Roblox allowing copying, and using an in-game command they can load their map into their private server for them or their friends to play on.
With how LoadAsset currently works, this simply isn’t possible. I easily avoid any potential vulnerabilities by combing through the asset using GetDescendants, destroying any potentially harmful objects such as scripts.
This is not the worst solution, but I’m currently just using the “take every model into my inventory” method. It’s working fine for now, but it’s definitely not something I want to do forever.
This is an intentional product feature. We do not want to encourage developers to have dynamic third party dependencies in their games. This would mean their game is subject to breakage at any time.
In the future, we will allow third party packages so developers will have control over when the package gets updated. Do you think this will work for your use case?
@Seranok While I do see your point, why hasn’t this limitation been applied to the require(assetId) function? Can you clarify why require(assetId) isn’t restricted when, in practice, it is also creating “dynamic third-party dependencies” within many games, such as with admin scripts?
Here’s the difference: It can currently load any free ModuleScript from the Library via its asset ID, and there is no setting to restrict it. ModuleScripts can run their code before the game can do anything to interfere, so it might as well be a more dangerous version of loadstring. In contrast, with InsertService, games have an opportunity to strip out BaseScripts and other unwanted objects before adding them to game worlds, but it’s currently restricted.
Basically, a more controllable model-loading system, InsertService, is restricted, but a less-controllable and more dangerous system, require(assetId), is unrestricted. Given the reasons I’ve stated, it would seem the restrictions should be the other way around.
I have previously made a similar feature request to this asking for security switches for these two model-loading functions.
In the meantime, I created web server software which eases the restrictions for non-group games (for creators willing to run their own web servers).
We have not yet locked down require(assetId) because we have not viable alternative in place. Once we have third party packages, we will see about locking it down.
I am quite strongly opposed to the idea of this restriction. The game I run is an obvious edge case (to not call it an edge case would be nothing short of ridiculous). My game is driven by UGC – Users design their own character models and can use them freely, comparable to the likes of VRChat.
Given that the ability to dynamically load from third party sources is the lifeblood of my game, and moreso that I’m making use of third party modules to bypass the restriction that OP is requesting gets lifted (via having my game’s group + a separate, trusted group upload approved modules that return a model packed inside of the ModuleScript), it would mean that the major selling point the community follows is removed. It would undoubtedly kill the game, given that >80% of the players use a custom model.
I had plans to implement a feature like this in a newer title of mine since it was an incredibly successful marketing tactic that raised hundreds of thousands of Robux for my title, but it seems that, depending on the decisions made by the Roblox team, this idea may have to be scrapped.
Simply put – I strongly agree with OP. It was unfortunate to see that InsertService.AllowInsertFreeModels was added only to be removed in a very short time. It gave me a bit of hope. I’d like this restriction to be optional.
My experience heavily revolves around players being able to insert their own MeshParts, however currently the only way to do this is via InsertService as MeshId cannot be changed at run-time, but InsertService doesn’t allow you to do this because of ‘trust check’.
Roblox should be giving the power to the developers, sure, many developers will end up making bad decisions with InsertService but this restriction is heavily limiting what is possible on Roblox. Can this be re-visited, maybe a sandboxed version that only inserts non-script objects, that would at least suffice many use-cases?
I wish this method would still function, it’s unfortunate that time has come to kill it off and has led developers with no way to workaround this for ‘security concerns’
Could this be reconsidered? There is a reason why we have a setting to enable third party products and HTTP, Yet not being able to insert third party models under our own caution and safety checks? That should obviously be a setting that we the developers have the right to choose if we want this sort of behavior or not.
@HexadecimalLiker and I are working on a project that would really benefit from allowing this. I understand the security risks, but there should at least be some way to manually override this for edge cases such as ours.
For example, making a NonScriptable property to allow Untrusted assets from loading, which will give a warning to the user when turning this on to confirm the decision