I have just noticed that HttpService:GetAsync() is disabled on client, and, before I make a system that gets the required information from a server-script, I would like to know why it was disabled so that I may avoid any possible security issues in my game.
1 Like
I’m assuming It’s disabled on client so any exploiters can’t load and also security reasons.
Edit: It’s also to prevent players from stalling the service.
1 Like
Well I think it has to do with the amount of times the HTTP service can be used.
If the limit of 500 http
GET/POSTrequests per minute is exceeded, the Service will stall entirely for approximately 30 seconds.
If you could have each client send a http request then you could in theory have a theoretical maximum of 350000 requests every minute with 700 players. I just don’t think Roblox would allow that.
I am not a pro backend programmer however I think allowing clients to do HTTP requests will be a security and performant issue.
2 Likes
Thank you for your reply, I never really thought of this issue and was just about to implement my own httpget system for client, I will now use other alternatives for what I need to do.
No, this is not the reason. If GetAsync was called on the client, the request would be made from the players computer, not the Roblox server.
If Roblox allowed the use of this on the client, the players IP address could be returned and grabbed by the game creator.
5 Likes