Trusted URLs: Difference between revisions
From VRChat Wiki
Prismic247 (talk | contribs) m (Added additional publicly usable domains) |
m (Included "See also", for video players.) |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Noticebox/Official}} | {{Noticebox/Official}} | ||
By default, [[Special:MyLanguage/Worlds|worlds]] in [[Special:MyLanguage/VRChat|VRChat]] cannot make requests to | By default, [[Special:MyLanguage/Worlds|worlds]] in [[Special:MyLanguage/VRChat|VRChat]] cannot make requests to untrusted URLs unless the user enables the "[[Special:MyLanguage/Untrusted_URLs|Allow Untrusted URLs]]" [[Special:MyLanguage/Settings|setting]]. Public [[Special:MyLanguage/Instances|instances]] are additionally secured by a list of up to 10 hosts, which can be set by the world creator. This is an intentional measure for security purposes. There is however an allowlist of trusted domains that are the exception to this rule, and are specific to the type of content being loaded. Below are the different allowlists by type. | ||
== Video | == Video player allowlist == | ||
The following domains are allowlisted for {{VRC link|https://creators.vrchat.com/worlds/udon/video-players/www-whitelist/|video}} content | The following domains are allowlisted for public {{VRC link|https://creators.vrchat.com/worlds/udon/video-players/www-whitelist/|video}} content use in [[Special:MyLanguage/Video_players|video players]]. | ||
{| class="wikitable" | {| class="wikitable" | ||
!Service | !Service | ||
Line 48: | Line 48: | ||
|} | |} | ||
== String | == String loading allowlist == | ||
The following domains are allowlisted for public use with {{VRC link|https://creators.vrchat.com/worlds/udon/string-loading/|string loading}} using [[Special:MyLanguage/Udon|Udon]]. | The following domains are allowlisted for public use with {{VRC link|https://creators.vrchat.com/worlds/udon/string-loading/|string loading}} using [[Special:MyLanguage/Udon|Udon]]. | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 70: | Line 70: | ||
|} | |} | ||
== Image | == Image loading allowlist == | ||
The following domains are allowlisted for use in {{VRC link|https://creators.vrchat.com/worlds/udon/image-loading/|image loading}} using Udon. | The following domains are allowlisted for public use in {{VRC link|https://creators.vrchat.com/worlds/udon/image-loading/|image loading}} using Udon. | ||
{| class="wikitable" | {| class="wikitable" | ||
!Service | !Service | ||
Line 78: | Line 78: | ||
|Discord | |Discord | ||
|<code>cdn.discordapp.com</code> | |<code>cdn.discordapp.com</code> | ||
|- | |||
|DisBridge | |||
|<code>*.disbridge.com</code> | |||
|- | |- | ||
|Dropbox | |Dropbox | ||
|<code>dl.dropbox.com</code> | |<code>dl.dropbox.com</code>,<code>dl.dropboxusercontent.com</code> | ||
|- | |- | ||
|GitHub | |GitHub | ||
Line 105: | Line 108: | ||
|Twitter | |Twitter | ||
|<code>pbs.twimg.com</code> | |<code>pbs.twimg.com</code> | ||
|- | |||
|VRCDN | |||
|<code>*.vrcdn.cloud</code> | |||
|- | |- | ||
|VRChat | |VRChat | ||
|<code>assets.vrchat.com</code> | |<code>assets.vrchat.com</code> | ||
|} | |} | ||
== See also == | |||
* [[Video players]] | |||
[[Category:Video_Players]] |
Latest revision as of 16:04, 7 December 2024
It is written and maintained by VRCWiki Team.
By default, worlds in VRChat cannot make requests to untrusted URLs unless the user enables the "Allow Untrusted URLs" setting. Public instances are additionally secured by a list of up to 10 hosts, which can be set by the world creator. This is an intentional measure for security purposes. There is however an allowlist of trusted domains that are the exception to this rule, and are specific to the type of content being loaded. Below are the different allowlists by type.
Video player allowlist
The following domains are allowlisted for public video content use in video players.
Service | Domain |
---|---|
Akamai CDN | vod-progressive.akamaized.net
|
Facebook Video | *.facebook.com ,*.fbcdn.net
|
Google Video | *.googlevideo.com
|
Hyperbeam | *.hyperbeam.com ,*.hyperbeam.dev
|
Mixcloud | *.mixcloud.com
|
NicoNico | *.nicovideo.jp
|
Soundcloud | soundcloud.com ,*.sndcdn.com
|
Topaz Chat | *.topaz.chat
|
Twitch.TV | *.twitch.tv ,*.ttvnw.net ,*.twitchcdn.net
|
VRCDN | *.vrcdn.live ,*.vrcdn.video ,*.vrcdn.cloud
|
Vimeo | *.vimeo.com
|
Youku | *.youku.com
|
YouTube | *.youtube.com ,youtu.be
|
String loading allowlist
The following domains are allowlisted for public use with string loading using Udon.
Service | Domain |
---|---|
DisBridge | *.disbridge.com
|
GitHub | *.github.io
|
GitHub Gist | gist.githubusercontent.com
|
Pastebin | pastebin.com
|
VRCDN | *.vrcdn.cloud
|
Image loading allowlist
The following domains are allowlisted for public use in image loading using Udon.
Service | Domain |
---|---|
Discord | cdn.discordapp.com
|
DisBridge | *.disbridge.com
|
Dropbox | dl.dropbox.com ,dl.dropboxusercontent.com
|
GitHub | *.github.io
|
ImageBam | images4.imagebam.com
|
ImgBB | i.ibb.co
|
imgbox | images2.imgbox.com
|
Imgur | i.imgur.com
|
Postimages | i.postimg.cc
|
i.redd.it
| |
pbs.twimg.com
| |
VRCDN | *.vrcdn.cloud
|
VRChat | assets.vrchat.com
|