Http.InsecureProtocolEnabled
Http.InsecureProtocolEnabled
#Overview
name: Http.InsecureProtocolEnabled
This variable is created as a Console Variable (cvar).
- type:
Var - help:
Enable insecure http protocol
It is referenced in 7 C++ source files.
#Summary
#Usage in the C++ source code
The purpose of Http.InsecureProtocolEnabled is to enable or disable the use of insecure HTTP protocol in the Unreal Engine’s networking system. This setting variable is primarily used for debugging and testing purposes, as it allows developers to use non-secure HTTP connections when necessary.
The Unreal Engine subsystem that relies on this setting variable is primarily the HTTP module, which is part of the Online subsystem. This can be seen from the file paths where the variable is referenced, such as “Engine/Source/Runtime/Online/HTTP/Private/HttpModule.cpp”.
The value of this variable is set as a console variable (CVar) in the engine. It is initialized to false by default, meaning insecure HTTP is disabled. Developers can change this value at runtime using console commands or through code.
The associated variable CVarHttpInsecureProtocolEnabled interacts directly with Http.InsecureProtocolEnabled. They share the same value and purpose.
Developers must be aware of several important points when using this variable:
- It is only available in non-shipping builds (#if !UE_BUILD_SHIPPING).
- Enabling insecure HTTP can pose security risks and should only be used in controlled environments, such as during development or testing.
- This setting affects the entire HTTP module, so enabling it may have wide-reaching effects on network communication within the engine.
Best practices when using this variable include:
- Only enable it temporarily for debugging or testing purposes.
- Never enable it in production or shipping builds.
- Always disable it after finishing the debugging or testing session.
- Use it in conjunction with other security measures when testing potentially insecure connections.
Regarding the associated variable CVarHttpInsecureProtocolEnabled:
The purpose of CVarHttpInsecureProtocolEnabled is the same as Http.InsecureProtocolEnabled. It’s an internal representation of the console variable in C++ code.
This variable is used in various test files (TestHttp.cpp, TestWebSockets.cpp) to enable insecure HTTP during testing scenarios. It’s also referenced in the WinHttpHttpManager.cpp file, suggesting it affects the Windows-specific HTTP implementation.
The value of this variable is set programmatically in test fixtures, as seen in the provided code snippets (e.g., CVarHttpInsecureProtocolEnabled->Set(true);).
Developers should be aware that modifying this variable directly in code will affect the behavior of the HTTP module. It should only be used in controlled testing environments and never in production code.
Best practices for using CVarHttpInsecureProtocolEnabled include:
- Only modify it in test code or debugging scenarios.
- Always reset it to its original value after tests are complete.
- Be aware of its impact on the entire HTTP module when enabled.
- Use it cautiously and in conjunction with other security measures when testing network functionality.
#References in C++ code
#Callsites
This variable is referenced in the following C++ source code:
#Loc: <Workspace>/Engine/Source/Runtime/Online/HTTP/Private/HttpModule.cpp:16
Scope: file
Source code excerpt:
#if !UE_BUILD_SHIPPING
TAutoConsoleVariable<bool> CVarHttpInsecureProtocolEnabled(
TEXT("Http.InsecureProtocolEnabled"),
false,
TEXT("Enable insecure http protocol")
);
#endif
TAutoConsoleVariable<int32> CVarHttpEventLoopEnableChance(
#Associated Variable and Callsites
This variable is associated with another variable named CVarHttpInsecureProtocolEnabled. They share the same value. See the following C++ source code.
#Loc: <Workspace>/Engine/Source/Programs/WebTests/Private/TestHttp.cpp:36
Scope: file
Source code excerpt:
#define HTTP_TEST_TIMEOUT_CHUNK_SIZE 16*1024 // Use a big chunk size so it triggers data received callback in time on all platforms
extern TAutoConsoleVariable<bool> CVarHttpInsecureProtocolEnabled;
extern TAutoConsoleVariable<bool> CVarHttpRetrySystemNonGameThreadSupportEnabled;
class FMockHttpModule : public FHttpModule
{
public:
using FHttpModule::HttpConnectionTimeout;
#Loc: <Workspace>/Engine/Source/Programs/WebTests/Private/TestHttp.cpp:117
Scope (from outer to inner):
file
class class FHttpModuleTestFixture
function FHttpModuleTestFixture
Source code excerpt:
InitModule();
CVarHttpInsecureProtocolEnabled->Set(true);
}
void InitModule()
{
HttpModule = new FMockHttpModule();
IModuleInterface* Module = HttpModule;
#Loc: <Workspace>/Engine/Source/Programs/WebTests/Private/TestWebSockets.cpp:24
Scope: file
Source code excerpt:
#define WEBSOCKETS_TAG "[WebSockets]"
extern TAutoConsoleVariable<bool> CVarHttpInsecureProtocolEnabled;
class FWebSocketsModuleTestFixture
{
public:
FWebSocketsModuleTestFixture()
: WebServerIp(TEXT("127.0.0.1"))
#Loc: <Workspace>/Engine/Source/Programs/WebTests/Private/TestWebSockets.cpp:34
Scope (from outer to inner):
file
class class FWebSocketsModuleTestFixture
function FWebSocketsModuleTestFixture
Source code excerpt:
, OldVerbosity(LogWebSockets.GetVerbosity())
{
CVarHttpInsecureProtocolEnabled->Set(true);
ParseSettingsFromCommandLine();
// Init HTTP module because websockets module has dependency on it when get proxy
HttpModule = new FHttpModule();
IModuleInterface* HttpModuleInterface = HttpModule;
#Loc: <Workspace>/Engine/Source/Runtime/Online/HTTP/Private/HttpModule.cpp:15
Scope: file
Source code excerpt:
#if !UE_BUILD_SHIPPING
TAutoConsoleVariable<bool> CVarHttpInsecureProtocolEnabled(
TEXT("Http.InsecureProtocolEnabled"),
false,
TEXT("Enable insecure http protocol")
);
#endif
#Loc: <Workspace>/Engine/Source/Runtime/Online/HTTP/Private/WinHttp/WinHttpHttpManager.cpp:15
Scope: file
Source code excerpt:
#if !UE_BUILD_SHIPPING
extern TAutoConsoleVariable<bool> CVarHttpInsecureProtocolEnabled;
#endif
namespace
{
FWinHttpHttpManager* GWinHttpManager = nullptr;
}