Allow world blueprint id to be included in web request headers
Yewnyx
Creators with worlds that rely on web requests to display information may find their endpoints exploited by unknown other worlds or even asset rips.
Assuming a ripped world or unknown other world were to contain a different blueprint id, the creator could return different content that notifies the end user that their experience may be degraded or that the world is illegitimate.
This solution would also preserve user privacy, as no PII would be inserted into the request, and not present a security loophole or leak information that the author and clients alike did not have full access to; it would simply assure that the request was made from a specific origin, under whose control the original URL ostensibly was in the first place.
Log In
Yewnyx
Additional thought: it would also help figure out where file/image hotlinking was coming from in a way that doesn't implicate individual visitors at all, but can be audited back to the offending world.
For the privacy of private worlds, a hash could be taken of the world id so that the connection can be made between a blueprint id known by the original author and known by the URL endpoint manager (usually the same except in cases of unauthorized usage of the world) for comparison, and non-matching blueprint id's could be used to return custom messages (i.e. "World ripping detected! Join this world for the real one!") or even enable a portal to the real version.
For public worlds, it may be more convenient to include the unadulterated blueprint id as there is no concern with access to an unreleased blueprint id, and it increases transparency.