Problems with accessing Patreon through an in-game browser

Hi again, apparently Patreon support moved over to a community forum and the guy who didn’t do anything for half a year (that’s not a joke, ticket number 2303938 if you want to check it) absolutely insists that fixing my problem can be done here and only here. So, here’s all the info starting with the initial ticket I filled out for Patreon’s “support”:

Hello! I have a problem with accessing my creator’s page on Patreon via an in-game link. The game uses the player’s default browser and opens a separate window for it. It doesn’t work properly at the moment. I’ve attached two screenshots. One shows how the window looks when I try to access Patreon through the game. The second picture shows the console output from the game when this happens.

Console output977×726 224 KB

how the page looks828×675 18.9 KB

Leading players to Patreon directly through the game is pretty important for me, and this does a negative to the overall players’ experience.

I ran several new tests myself. While I still can’t properly open my Patreon’s page, the game doesn’t have any problems with other popular sites. For example, I can open Youtube, look up a video via the search function, access the search results and watch the video. Or I can direct the in-game button to open Google and do everything I just mentioned by looking up Youtube first in Google.

Just to be clear, the web plugin worked for Patreon fine a year or something like that ago. So, you can’t just “it never worked at all”. I’ve finished my previous projects like 2 years ago and it worked just fine there. Thing is, I downloaded that game from the cloud and suddenly it has the same problem as the current game. So, the cause is 100% on Patreon’s side.

To reproduce the bug:

You can download my game here. A fair warning – it’s NSFW, but you don’t need to actually go past the main menu, so it’s safe for all testing purposes. Just load up the game and choose a button in the main menu. Either “Patreon” (directs to my main Patreon page) or “Features” (directs to FAQ post about the game). Hope this will help in the proper fixing of this problem.

The logic behind this is in www/js/plugins folder. You are interested in YEP_ExternalLinks.js for the main logic of the plugin and the main Patreon button and YG_Extension.js for the second button in the main menu and its link.

Well, let’s hope this forum with “leading developers” can fix their website as the support guy James promised. I’m tired of waiting for 6 months, you know? Somehow Patreon doesn’t forget about its $ cut the same way they forget about tech support.

YG_Extension.js

Are you injecting any script to the Patreon post page that the browser opens when a player clicks on the link?

No, and I have no idea how to do that. You have the full game code base on your hands. Plus, you should have access to my page layout and settings.

Google and Youtube are working just fine. Patreon did too until your site update I suppose. Remember how some genius updated the engine and all HTML breaks got swapped with just space and most of the creators’ front pages looked like an unreadable wall of text? Fun times…

Just a thought though. I don’t have an exact data when the web function stopped working for your site. One of the players asked me what’s wrong with it, so I made a test and filled out a ticket.

You need to debug your stack/app on your side, we can help you with pointers and info related to the api and using Patreon.

This looks like its happening likely because of the content security policy feature in chrome. CSP wouldnt allow a page to load if csp is violated. You can check if a page has CSP or not by using something like this addon.

The game uses the player’s default browser and opens a separate window for it

Is this happening in the os of the user by launching the default browser of the user there in an entirely new os window, or is it something that happens in a window inside the game which loads the default browser in a window or some kind of frame?

Not sure what you want to debug on the side of the app itself. I don’t use Chrome and I still get the error. The only site I want to use for in-game web access is Patreon. I’m not sure why should I care about your API in order to open up your site in the browser.

Not sure about the CSP confirmation plugin. I may be not getting the whole picture, but, as a Patreon support, you should know what policies and setting Patreon runs. Just tried it out and it says that Patreon doesn’t run CSP, so I’m doubly confused why is this relevant in this case. Also, don’t forget that Youtube and Google have no trouble loading and properly working, including embedded video and other features. I’m pretty sure if this CSP is important, they would be running it.

As for the window, yes, it should be a new in-game window form NWJS engine that the game uses if I understand your question correctly. Did you see the download link in my opening post? You can download the game there and test it out for outself. As I previously mentioned, you can load up just the menu for testing without any NSFW bits from the gameplay. Just go Main menu → Patreon or FAQ buttons

Oh, and speaking about systems and policies. Just swapped the link to Steam and it works just fine. I can login and chat with a friend. So, yeah, somehow other secure systems are fine with the in-game browser. Like Bank of America. Sure, it warns about an unsupported version since the NWJS engine is really old. Still, I have my login window working perfectly.

No, Codebard, it doesn’t look like CSP or whatever unless Patreon runs something very, very specific.

Not sure what you want to debug on the side of the app itself

Basically, this:

As for the window, yes, it should be a new in-game window form NWJS engine that the game uses if I understand your question correctly.

This is why you need to check whether there is any csp situation ending up interfering with the loading of the page in the in-game browser. That browser engine doesnt need to be chrome. It may be based on webkit, a fork of it or whatever else may be using csp. Its certain that something is happening there as seen in the console. It looks like its trying to load inline scripts and its not being permitted. You need to debug where and how.

Just tried it out and it says that Patreon doesn’t run CSP

Cloudflare may be selectively injecting csp.

That’s why you need to debug your in-game browser however you are able to and see where the csp is coming from.

…

A custom in-game browser is not a supported use case for patreon.com. If it was an os installed browser, it would be directly supported. However as it is not, its something you need to debug on your side.

So, I’ve been waiting for an answer from the support for half a year just to hear “do it yourself”. Cool. How do I debug the in-game browser then?

Any ideas why literally any other site I picked (and you can do this do) doesn’t have any problems with the unsupported in-game browser while Patreon does?

How do I debug the in-game browser then?

Its highly likely that you arent the first one who is experiencing this among those who use that game engine. Searching on their forums or contacting their support may help. Basically your inline scripts are being prevented from being run via a csp.

Any ideas why literally any other site I picked (and you can do this do) doesn’t have any problems with the unsupported in-game browser while Patreon does?

Depends entirely on the security measures of a given site/service. Like Cloudflare can selectively apply security measures to a specific visitor with any os/device/browser/ip combo (or any signature, really), these services would have their own set of rules.

But actually I’d go another way: Instead of just sending people to your Patreon page in a browser, doing an in-game screen with a pitch for whatever you want to ask your patrons to do (subscribe, follow, whichever action) would help you a lot more. Ie, if you want more patrons, send them to an in game screen that pitches the benefits of membership with a nice presentation and visuals and calls them to take an action. Then when they click on that action button, you can send them to the Patreon pledge flow/checkout from the correct tier by launching their default browser outside the game. This is safer as it would also avoid the risks of your potential patrons getting blocked from checkout due to any odd signatures tripping up fraud checks etc.

This way you could avoid having to maintain an in-game browser that any service may stop supporting in future for whatsoever reason and also boost your community and campaign.

Oh, I see… To sum it all up:

I’ve waited for half a year after filling in my ticket just to hear that it’s not your problem without any proof, just a pretty weird conjecture. I don’t have any problem with all sites I try to access from the in-game browser aside from yours. And, somehow, it’s not your problem to figure out despite having the direct option to check what’s going on both from website’s and game’s perspective through my test client.

Your “CSP” theory doesn’t hold to any criticism. Somehow, the “selective CSP application” is weirdly consistent with Patreon despite 6 different testers on different platforms and different countries, including both virtual and physical devices. Interestingly enough, the very same platforms don’t have any problems with a list of 9 sites that have at least the same level of security as Patreon like Steam, Youtube and Bank of America.

The simplest conclusion is rather surprising. Patreon’s “leading developers” (as Patreon’s support called them) aren’t interested in finding solutions. Instead, they prefer to look for excuses.

Thank you for the help, Codebard. I hope you’ll get the same level of service as you provided here for the rest of your life.

the “selective CSP application” is weirdly consistent with Patreon despite 6 different testers on different platforms and different countries

The selective csp application would be consistent with Patreon as Patreon has been increasing its security measures recently. What other platforms do with their service is not something relevant to Patreon. And again - using a custom in-game browser for access to pages at Patreon is not a supported use case, therefore you have to sort it out on your own side. I already provided a use case that would both increase your audience & patrons and also would be supported without issues. Beyond that, there isnt something else we can do.

I understand your frustration. However there isnt a way for a non-supported use case to be maintained going into the future. If you were using the public api, that would be different, however, you arent.