As a Roblox Developer, it is currently impossible to use HttpService when HttpEnabled is disabled within a place. I think that by default plugins should have access to HTTP requests because maybe someone wants to use a plugin that requires it, but does not want to enable it in their place.
4 Likes
HttpService is only able to be used from Server Scripts and not LocalScripts so I don’t see why people would have a problem just turning it on, right?
I do agree though that plugins should have access to it whether it’s enabled or not. Just because some people forget to enable it at times.
1 Like
It is disabled by default as a security concern. With free access to HttpService, a plugin developer could download your whole place to their webserver just by you loading your place with the plugin installed. There are a number of other features facing similar challenges. The solution would be a permission system for plugins, but this would be a larger undertaking that isn’t on the roadmap right now AFAIK.
In other words, if you want plugins to have access to HttpService by default, you would need to convince ROBLOX to add a permission system for plugins. Your best bet for this is to compile a list of really useful features that are all blocked by a lack of a permission system, HttpService default access being one of them. Make sure to explain why each is useful.
12 Likes
A permissions system like Google Chrome Extensions? I actually love that idea, but I would not know how to request it.