As a Roblox developer, it is currently impossible to block the client from utilising teleport methods from the TeleportService. As such, I would like a boolean property under the TeleportService called AllowClientTeleports. AllowClientTeleports would be defaulted to true on production in order to remain a non-intrusive update and for developers to opt-in if they feel it would better fit their games.
This property fairly self explanatory; if the property is true, clients can use TeleportService methods that are supported client-side. If the property is false, clients will be thrown an error in attempting to use client-supported teleport methods (much like when attempting to use any other server-sided method).
For the sake of understanding what I am referencing when I say teleport methods, I am not referring to all methods under the TeleportService. I am only referring to the ones which can transfer players between places and instances, which are able to be used by the client.
Letâs get to know your problem.
Multi-place games are becoming fairly common on Roblox, which means that users are being teleported between places when reaching certain conditions. As a developer currently working on several upcoming games incorporating multiple places and needing to teleport between them, I would like to block the client from using teleport methods.
Why though? How does this help you?
On top of ensuring that clients donât mistakenly teleport to other places, I can stop exploiters from traversing my game without my serverâs explicit clear to do so.
I feel that, by extension of needing a workaround to combat this, it is counterintuitive to vet players when they enter a place based on conditions that I need to retrieve through DataStores. Ephemeral DataStores may help out but we donât know anything about how theyâll go down and even when theyâre out, using them would still be counterintuitive.
Wait. Just use server-sided teleport data or MessagingService.
Doesnât change the fact that the workflow is counterintuitive. In fact, using these or any other cross-instance method is completely pointless. A client teleport can easily circumvent server-based conditions and exploiters wouldnât need to do a thing except call teleport.
MessagingService could work only if youâre willing to send a message to literally every existing instance in every place of your game with a conditional lock after a player leaves and cache that, then delete the result after a long while. See how unreliable and counterintuitive that is? Very.
Could you provide an example scenario to help us better understand?
Yes of course. I have a place, PlaceB that requires a certain level to enter it, 20. Players spawn in at a lobby world, PlaceA. Realistically a client canât teleport to PlaceB with some checks, no, but a faulty codebase or exploited client can easily bypass that restriction.
Current workflow:
- Player1 wants to enter PlaceB from PlaceA.
- Server checks if Player1âs level is above 20. Itâs not. They arenât teleported.
- Sneaky Player2 calls Teleport to PlaceB from PlaceA and bypasses the check.
- PlaceB has a script that checks the playerâs level when they enter.
- PlaceB pointlessly spends a Get request to a DataStore, only to kick the player if their level isnât high enough.
Workflow with AllowClientTeleports:
- AllowClientTeleports is set to false in Studio.
- Sneaky Player2 is back and calls Teleport to PlaceB from PlaceA.
- Client is thrown an error - cannot access TeleportService method.
See how the workflow is reduced by a lot? Instead of going through the hassle of covering for cases where a player teleports illegally to another destination, you simply disallow client-based teleports and you go on your merry way with your usual server workflow for vetting players.
Thatâs all, really. A feature request exists like this and explains it in a concise manner compared to this, however I didnât reply there for three reasons.
-
I already started writing before I saw it. I didnât want to take the time to re-tailor my post to say âsupport, this is relevant now, Iâd like this featureâ.
-
That thread is 3-years old. Itâs not a necrobump if youâre adding new information, but Iâm not particularly comfortable in adding a post to a thread created that long ago.
-
Iâm asking for an engine feature, not a game setting. It fits more as a property in TeleportService than as a game setting, frankly. It can be a game setting too though that just flips the property, much like âAllow HTTP Requestsâ.
I couldâve. I probably shouldâve too. But I didnât. Take this thread for now.