Secrets dont work with ip addresses and ports

Bug Reports Engine Bugs
,
1

When using a secret with the following value (http://IP_ADDRESS:PORT/…) and a wildcard domain, passing it to HttpService:PostAsync throws an error saying ‘URL must be HTTP’. When passing a string with the same value instead of the secret, it does not throw an error.

System information:
AMD Ryzen 7 5700G
1x16GB DDR4
NVIDIA GeForce RTX 3060 Ti

Expected behavior

It should not throw an error when the URL is valid HTTP.

A private message is associated with this bug report

1 Like
2

Hi,

I tried the following steps but wasn’t able to reproduce the issue:

  1. I created a game, enabled HTTP Requests, and created a secret my_secret_url with value http://1.1.1.1:80 and wildcard domain *.

    image
    image1404×290 11.6 KB

  2. I added the following ServerScriptService to the game:

local HttpService = game:GetService('HttpService')
local URL = game:GetService('HttpService'):GetSecret('my_secret_url')
local data = {
	['some-data'] = 123
}
local res = game:GetService("HttpService"):PostAsync(URL, data)
print(res)
  1. I published, ran the game, and got the following error: HTTP 405 Method not allowed, which is expected.

Could you confirm whether the steps above match what you were doing?

Also, If you change your secret value to http://1.1.1.1:80, do you still see URL must be HTTP error?

Lastly, would it be okey for us to try sending POST request to the URL you provided privately?

3

That’s weird. The steps you took should’ve caused the error. I’ve tried it again myself with similar steps and i’ve been able to reproduce the error.

  1. Add a secret in the Security tab in Game Settings in studio using the following json: {"secretName": ["http://1.1.1.1:80", "*"]}
  2. Enable HTTP requests
  3. Create a server script in server script service with the following code:
local secret = game.HttpService:GetSecret("secretName")

game.HttpService:PostAsync(secret, "")

image
image2169×143 14.7 KB

When passing the same URL as a string instead of a secret, I get the 405 aswell.
The error seems to be reproducable with any IP address but if you’d like to use the private link, I can update it to an external link instead of a local one (the link I added is for the local network, woops). Thanks!

4

Looks like you are using the local secret feature: Game Settings > Security > Secrets. To set secrets through this UI, the secret value must be base64-encoded. This is documented (with example) in: Secrets stores | Documentation - Roblox Creator Hub

image
image1916×1254 195 KB

In this example, if you change the value to {"secretName100": ["aHR0cDovLzEuMS4xLjE6ODA=", "*"]} (where aHR0cDovLzEuMS4xLjE6ODA= is the base64 encoding of http://1.1.1.1:80) and run the game again, you should get the expected 405 error.

5

Ahh right, looks like I missed that part. So sorry! It’s working as expected then. The post can be closed.