Very specific access allowance in Extension settings #16990
-
|
Hello, I am sorry, that i just jump in, but I have recently noticed, that even a fresh install of Ruffle sets specific authorization requests, from one is just oddly specific: "Access your data for hxxps://www[dot]4399[dot]com" - I personally never visited this site before I saw this, and what I could find out so far, this seems like a Chinese site to me with tons of different content. Now the hostname registrar is also hidden, which makes the whole thing even more odd, also I couldn't find any connection between the supporters and the owner of the mentioned site either, so my simple question is: Why is this option defined for the plugin at all? Thank you. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 3 replies
-
|
This was added by #16750: it is there to run a content script on 4399, which fixes the site's Flash detection. |
Beta Was this translation helpful? Give feedback.
-
|
Agh, you were faster by a couple seconds! 😅 |
Beta Was this translation helpful? Give feedback.
-
|
The answer lies here: #16750 Basically, Ruffle has to tweak the HTTP headers a bit (IIUC), to make things work. Yes, that website is interesting, we have a hard time even testing on it, let alone supporting it. But Flash is still kinda big in China, so... that's why it was decided to add a specific workaround for it. PS: bojler eladó |
Beta Was this translation helpful? Give feedback.
-
|
It's a very popular Flash website in China, that's still running and has a very large userbase today (but only in China). The way that they detect Flash doesn't work with our usual "trick the website into using Ruffle instead of Flash", so we had to write a specific rule that targets this website to make it compatible with Ruffle. Normally we fool most websites by just pretending that a plugin called Flash Player exists, but they do something different and needed custom code. If you don't visit the website, nothing will happen - it's just an extra patch on top of our usual "patch every site that uses flash", because we couldn't do this generically. We don't call out to the website or anything like that. We also change the website's CORS rules to allow for SWF files to be loaded by Ruffle. We hope that one day the owners will do this themselves, but until then, it's the only way to make Ruffle compatible for all the people who do use the site :( For transparency and specific technical details:
|
Beta Was this translation helpful? Give feedback.
-
|
Agh, you were slower by a couple seconds! 😅 |
Beta Was this translation helpful? Give feedback.
-
|
I saw the "1 reply" pop up right as I was correcting a typo 😭 |
Beta Was this translation helpful? Give feedback.
-
|
Wow, damn people, this was fast. Thank you for all your answers. I noticed the code, but I wasn't sure so I thought I rather ask... Working in security made me paranoid :) Thank you all for your answers! |
Beta Was this translation helpful? Give feedback.
It's a very popular Flash website in China, that's still running and has a very large userbase today (but only in China). The way that they detect Flash doesn't work with our usual "trick the website into using Ruffle instead of Flash", so we had to write a specific rule that targets this website to make it compatible with Ruffle. Normally we fool most websites by just pretending that a plugin called Flash Player exists, but they do something different and needed custom code.
If you don't visit the website, nothing will happen - it's just an extra patch on top of our usual "patch every site that uses flash", because we couldn't do this generically. We don't call out to the website or anyt…