2 files changed, 14 insertions, 0 deletions
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index 5fa4026..872a7f8 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -153,6 +153,13 @@
    ;; Hypergrid services are not affected by this; they are publicly available 
    ;; by design.
+    ;; By default, scripts are not allowed to call private services via llHttpRequest()
+    ;; Such calls are detected by the X-SecondLife-Shared HTTP header
+    ;; If you allow such calls you must be sure that they are restricted to very trusted scripters
+    ;; (remember scripts can also be in visiting avatar attachments).
+    ;; This can be overriden in individual private service sections if necessary
+    AllowllHTTPRequestIn = false
    ; * The following are for the remote console
    ; * They have no effect for the local or basic console types
    ; * Leave commented to diable logins to the console
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index a0b8f50..48deeae 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -129,6 +129,13 @@
    ;; This is useful in cases where you want to protect most of the services,
    ;; but unprotect individual services. Username and Password can also be
    ;; overriden if you want to use different credentials for the different services.
+    
+    ;; By default, scripts are not allowed to call private services via llHttpRequest()
+    ;; Such calls are detected by the X-SecondLife-Shared HTTP header
+    ;; If you allow such calls you must be sure that they are restricted to very trusted scripters
+    ;; (remember scripts can also be in visiting avatar attachments).
+    ;; This can be overriden in individual private service sections if necessary
+    AllowllHTTPRequestIn = false
    ; * The following are for the remote console
    ; * They have no effect for the local or basic console types

diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 5fa4026..872a7f8 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example
@@ -153,6 +153,13 @@
153	;; Hypergrid services are not affected by this; they are publicly available	153	;; Hypergrid services are not affected by this; they are publicly available
154	;; by design.	154	;; by design.
155		155
		156	;; By default, scripts are not allowed to call private services via llHttpRequest()
		157	;; Such calls are detected by the X-SecondLife-Shared HTTP header
		158	;; If you allow such calls you must be sure that they are restricted to very trusted scripters
		159	;; (remember scripts can also be in visiting avatar attachments).
		160	;; This can be overriden in individual private service sections if necessary
		161	AllowllHTTPRequestIn = false
		162
156	; * The following are for the remote console	163	; * The following are for the remote console
157	; * They have no effect for the local or basic console types	164	; * They have no effect for the local or basic console types
158	; * Leave commented to diable logins to the console	165	; * Leave commented to diable logins to the console


diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index a0b8f50..48deeae 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example
@@ -129,6 +129,13 @@
129	;; This is useful in cases where you want to protect most of the services,	129	;; This is useful in cases where you want to protect most of the services,
130	;; but unprotect individual services. Username and Password can also be	130	;; but unprotect individual services. Username and Password can also be
131	;; overriden if you want to use different credentials for the different services.	131	;; overriden if you want to use different credentials for the different services.
		132
		133	;; By default, scripts are not allowed to call private services via llHttpRequest()
		134	;; Such calls are detected by the X-SecondLife-Shared HTTP header
		135	;; If you allow such calls you must be sure that they are restricted to very trusted scripters
		136	;; (remember scripts can also be in visiting avatar attachments).
		137	;; This can be overriden in individual private service sections if necessary
		138	AllowllHTTPRequestIn = false
132		139
133	; * The following are for the remote console	140	; * The following are for the remote console
134	; * They have no effect for the local or basic console types	141	; * They have no effect for the local or basic console types