Trusted URLs: Difference between revisions

From VRChat Wiki
m (Tweaked capitalization, per MOS.)
m (Included "See also", for video players.)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Noticebox/Official}}
{{Noticebox/Official}}
By default, [[Special:MyLanguage/Worlds|worlds]] in [[Special:MyLanguage/VRChat|VRChat]] cannot make requests to remote URLs unless the user enables the "[[Special:MyLanguage/Untrusted_URLs|Allow Untrusted URLs]]" [[Special:MyLanguage/Settings|setting]]. This is an intentional measure for security purposes. There is however an allowlist of trusted domains that are the exception to this rule, and are specific to the type of content being loaded. Below are the different allowlists by type.
By default, [[Special:MyLanguage/Worlds|worlds]] in [[Special:MyLanguage/VRChat|VRChat]] cannot make requests to untrusted URLs unless the user enables the "[[Special:MyLanguage/Untrusted_URLs|Allow Untrusted URLs]]" [[Special:MyLanguage/Settings|setting]]. Public [[Special:MyLanguage/Instances|instances]] are additionally secured by a list of up to 10 hosts, which can be set by the world creator. This is an intentional measure for security purposes. There is however an allowlist of trusted domains that are the exception to this rule, and are specific to the type of content being loaded. Below are the different allowlists by type.


== Video player allowlist ==
== Video player allowlist ==
Line 115: Line 115:
|<code>assets.vrchat.com</code>
|<code>assets.vrchat.com</code>
|}
|}
== See also ==
* [[Video players]]
[[Category:Video_Players]]

Latest revision as of 16:04, 7 December 2024

VRLogo.png
V · EThis is an official VRChat information page!
It is written and maintained by VRCWiki Team.

By default, worlds in VRChat cannot make requests to untrusted URLs unless the user enables the "Allow Untrusted URLs" setting. Public instances are additionally secured by a list of up to 10 hosts, which can be set by the world creator. This is an intentional measure for security purposes. There is however an allowlist of trusted domains that are the exception to this rule, and are specific to the type of content being loaded. Below are the different allowlists by type.

Video player allowlist

The following domains are allowlisted for public Official VRChat source video content use in video players.

Service Domain
Akamai CDN vod-progressive.akamaized.net
Facebook Video *.facebook.com,*.fbcdn.net
Google Video *.googlevideo.com
Hyperbeam *.hyperbeam.com,*.hyperbeam.dev
Mixcloud *.mixcloud.com
NicoNico *.nicovideo.jp
Soundcloud soundcloud.com,*.sndcdn.com
Topaz Chat *.topaz.chat
Twitch.TV *.twitch.tv,*.ttvnw.net,*.twitchcdn.net
VRCDN *.vrcdn.live,*.vrcdn.video,*.vrcdn.cloud
Vimeo *.vimeo.com
Youku *.youku.com
YouTube *.youtube.com,youtu.be

String loading allowlist

The following domains are allowlisted for public use with Official VRChat source string loading using Udon.

Service Domain
DisBridge *.disbridge.com
GitHub *.github.io
GitHub Gist gist.githubusercontent.com
Pastebin pastebin.com
VRCDN *.vrcdn.cloud

Image loading allowlist

The following domains are allowlisted for public use in Official VRChat source image loading using Udon.

Service Domain
Discord cdn.discordapp.com
DisBridge *.disbridge.com
Dropbox dl.dropbox.com,dl.dropboxusercontent.com
GitHub *.github.io
ImageBam images4.imagebam.com
ImgBB i.ibb.co
imgbox images2.imgbox.com
Imgur i.imgur.com
Postimages i.postimg.cc
Reddit i.redd.it
Twitter pbs.twimg.com
VRCDN *.vrcdn.cloud
VRChat assets.vrchat.com

See also