Is there going to be a pattern for the `*.itch.zone` domain? E.g. "your-itch-domain.your-game-name.itch.zone" or something similar?
There are no plans to add account-specific subdomains on html hosted games as part of this update. These domains are not visible to the end user, so there is no purpose in having vanity URLs.
One potential use case is save-game isolation. Is that something you are concerned about?
Only the following domains will be used for HTML games after this migration takes place:
html-classic.itch.zone
html.itch.zone
But we may use other `*.itch.zone` domains in the future for different configurations, which is why we recommend those who use site-locks to use the wildcard domain.
Save-game isolation is important.
- Some simple engines don't allow the author to change the save "id" and those saves clash between different games.
- localStorage is limited per domain (5 or 10 MB depending on the browser), so one game can reach the limit and cause issues for all other games.
- If one clears the localStorage to solve an issue with a game, it clears it for all games.
Vanity URLs are indeed not needed but somewhat unique URLs are.
Our current CDN doesn’t make it trivial to provision wildcard domains and certs, so it wasn’t something we were able to provide. It’s possible with our new provider this may become an option, but at this time we haven’t made any decisions about which provider we will be using so I can’t say for certain.
With Let's Encrypt, would a wildcard cert even really be necessary? You could just generate a cert for a new subdomain whenever a new user publishes an HTML game for the first time. They do have rate limits but I imagine the public one could be workable, and if not, one can always contact them to work out potential rate limit increases (there's a form on their rate limits page for it).
Save-game isolation too, but I was also building an online service that would benefit greatly if I could check which game was connecting to it. Knowing WHICH game is unnecessary, as long as I could differentiate between games using a unique-id.
Save-game isolation is a much more pressing danger, though.
Not having any isolation between games seems like a massive security/privacy issue unless I’m seriously misunderstanding the situation.
- Any game or its analytics/ads could essentially see a list of every other game a user has played that saved anything locally. This seems especially serious since itch.io hosts a lot of NSFW games as well as games geared towards marginalized groups.
- A troll could upload a game that messes with or deletes saves from other games. I know the public listings are moderated, but itch.io is often used for game jams where people share direct links to games that haven’t been checked yet, which bypasses moderation. Even an unintentional bug in one game could wipe saves from others.
- Some of the game-making tools at https://itch.io/tools/platform-web run in the browser and also save to local storage. This means that a malicious game/tool could steal someone’s works in progress, or private games they are making for themselves and don’t intend to share, if they use any of those tools.
- The user granting any permission (location services, camera, microphone, notifications, etc.) to one game would grant that permission to all games.
Don’t believe me? It’s right there in the OWASP cheat sheet: “Avoid hosting multiple applications on the same origin, all of them would share the same localStorage object, use different subdomains instead.”
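The following is an added example, not part of the original thread and not itch.io's code. It shows what a game author can and cannot fix on a shared origin: a key-prefix wrapper avoids save-id clashes and makes "clear" per-game, but it gives no confidentiality or protection against other scripts on the same origin. `MemoryStorage`, `scopedStorage` and the game ids are hypothetical names; in a browser you would pass `window.localStorage` as the backend.

```javascript
// Minimal in-memory stand-in for window.localStorage so this runs in Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); }
  removeItem(k) { this.map.delete(k); }
  clear() { this.map.clear(); }
}

// Wrap a shared Storage so one game only touches keys under its own prefix.
// gameId is a hypothetical per-game identifier chosen by the author.
function scopedStorage(backend, gameId) {
  // Encoding the id keeps "a" and "a:b" from producing overlapping prefixes.
  const prefix = `game:${encodeURIComponent(gameId)}:`;
  const ownKeys = () => {
    const keys = [];
    for (let i = 0; i < backend.length; i++) {
      const k = backend.key(i);
      if (k !== null && k.startsWith(prefix)) keys.push(k);
    }
    return keys;
  };
  return {
    getItem: (k) => backend.getItem(prefix + k),
    setItem: (k, v) => backend.setItem(prefix + k, v),
    removeItem: (k) => backend.removeItem(prefix + k),
    keys: () => ownKeys().map((k) => k.slice(prefix.length)),
    // Scoped clear: removes this game's saves only, never backend.clear().
    clear: () => ownKeys().forEach((k) => backend.removeItem(k)),
  };
}

// Constructed scenario: two games served from the same origin.
function demo() {
  const shared = new MemoryStorage();
  const a = scopedStorage(shared, "game-a");
  const b = scopedStorage(shared, "game-b");
  a.setItem("save", "level 3");
  b.setItem("save", "level 9"); // same save id, no clash
  a.clear();                    // wipes game-a only
  const afterScopedClear = { a: a.getItem("save"), b: b.getItem("save") };
  // Limit of the approach: any script on the origin can bypass the wrapper.
  const visibleToAnyone = shared.getItem("game:game-b:save");
  shared.clear();               // a raw clear() still wipes every game
  return { afterScopedClear, visibleToAnyone, bAfterRawClear: b.getItem("save") };
}
```

The last two values are why prefixing is only a workaround for clashes and accidental wipes: the storage quota, permissions and readability of saves remain shared until each game is served from its own origin.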