Add support for scratch blocks which let you GET, POST, FETCH, UPDATE, OPTIONS, PUT, PATCH, DELETE to a certain URL. (Websockets would also be useful).

Create a [POST v] request to () { 
Add header () with content () 
Add body () with content () 
}

Env values (secrets) would also need to be added, as there may be some projects which need a key to access them and should not be shared with other users. In the same way cloud variables have a cloud icon before them, a secret variable would have a lock before it.

This belongs in the Suggestions forum. I've reported this to be moved there.

Are you suggesting that there is a scratchblock that makes forum posts foe you?

Http requests are probably too advanced for most scratchers. Not many people would actually use it, so the effort to implement it would be a waste. No support.

No support.
People can send a GET request to https://scratch.mit.edu/session/, then they can steal the e-mail address, and then they send a POST request to something else (to store it on the server).
They can also send a POST request to https://scratch.mit.edu/site-api/comments/user/USERNAME/add/, with bad words.

Boomer001 wrote:

No support.
People can send a GET request to https://scratch.mit.edu/session/, then they can steal the e-mail address, and then they send a POST request to something else (to store it on the server).
They can also send a POST request to https://scratch.mit.edu/site-api/comments/user/USERNAME/add/, with bad words.

I'm not suggesting that the user session or cookies would be sent along with the request. It would also be a better idea if the request was made on the scratch server as this should allow use of APIs which need tokens (with ENV secret variables).

Also, this could happen:

forever
Create Post
end

pineapplefan1234yt wrote:

Boomer001 wrote:

No support.
People can send a GET request to https://scratch.mit.edu/session/, then they can steal the e-mail address, and then they send a POST request to something else (to store it on the server).
They can also send a POST request to https://scratch.mit.edu/site-api/comments/user/USERNAME/add/, with bad words.

I'm not suggesting that the user session or cookies would be sent along with the request. It would also be a better idea if the request was made on the scratch server as this should allow use of APIs which need tokens (with ENV secret variables).

Adding tokens would take too much time (and it's hard) for the ST to add. Third-party services (like forkphorus) will not work anymore. Also, WebSockets already exist - cloud variables use WebSockets.

PizzaAddict4Life wrote:

Also, this could happen:

forever
Create Post
end

Scratch would definitely add ratelimits into projects.

PizzaAddict4Life wrote:

Also, this could happen:

forever
Create Post
end

Yes - that will kill the browser. Also, a lot of requests will fail to load if you do that.

People are only focusing on the ways it could be implemented badly and saying no support because they are not considering what this could mean for Scratch if implemented well. While it is good to think about the ways it could go wrong, it is not a good idea to throw out ideas based on bad implementations.

Boomer001 wrote:

PizzaAddict4Life wrote:

Also, this could happen:

forever
Create Post
end

Yes - that will kill the browser. Also, a lot of requests will fail to load if you do that.

Wouldn't that be mitigated by the 60 second rule?

Anyways, I don't support this because of the ability to take information from other users, the ability to crash a website (not necessarily Scratch), and several more reasons.

pineapplefan1234yt wrote:

People are only focusing on the ways it could be implemented badly and saying no support because they are not considering what this could mean for Scratch if implemented well. While it is good to think about the ways it could go wrong, it is not a good idea to throw out ideas based on bad implementations.

Ok, what are some good things that can come out of it?

SausageMcSauce wrote:

Boomer001 wrote:

PizzaAddict4Life wrote:

Also, this could happen:

forever
Create Post
end

Yes - that will kill the browser. Also, a lot of requests will fail to load if you do that.

Wouldn't that be mitigated by the 60 second rule?

Anyways, I don't support this because of the ability to take information from other users, the ability to crash a website (not necessarily Scratch), and several more reasons.

Scratch would add ratelimits, meaning you couldn't crash websites, and it wouldn't send information about the users.

pineapplefan1234yt wrote:

Scratch would add ratelimits, meaning you couldn't crash websites, and it wouldn't send information about the users.

But still; it can be dangerous.

PizzaAddict4Life wrote:

pineapplefan1234yt wrote:

People are only focusing on the ways it could be implemented badly and saying no support because they are not considering what this could mean for Scratch if implemented well. While it is good to think about the ways it could go wrong, it is not a good idea to throw out ideas based on bad implementations.

Ok, what are some good things that can come out of it?

Anything on IFTTT. Weather at a certain location? Literally any API? You could even get the news and just put it into a variable

Boomer001 wrote:

pineapplefan1234yt wrote:

Scratch would add ratelimits, meaning you couldn't crash websites, and it wouldn't send information about the users.

But still; it can be dangerous.

How so? The problems would only happen if Scratch implemented it wrong, not what the user does. When scratch added cloud variables, they just said don't make a chat app, the same kind of rules would apply to https requests. Cloud variables have a risk but scratch still decided to add them

Boomer001 wrote:

pineapplefan1234yt wrote:

Scratch would add ratelimits, meaning you couldn't crash websites, and it wouldn't send information about the users.

But still; it can be dangerous.

I would assume that it would post by the user there. So, example:

when green flag clicked
forever
Set thread title [Scratch is stupid and dumb] 
Set body with body [Scratch bad, it meaninie, *&#(%# #$*&^# :):):):):):):):):):):):):):):):):):):):):):):):):):):):):) you bad bad bad #&$^*#] 
Set forum [Suggestions v] // Or a random forum  
end

Oh wait that goes off the screen…

Edit: Fixed!

Edit: Not fixed! To see the rest of the second one highlight a little bit and press shift+right arrow because I really don't wanna seperate what should be one block into two

PizzaAddict4Life wrote:

Boomer001 wrote:

pineapplefan1234yt wrote:

Scratch would add ratelimits, meaning you couldn't crash websites, and it wouldn't send information about the users.

But still; it can be dangerous.

I would assume that it would post by the user there. So, example:

when green flag clicked
forever
Create thread title [Scratch is stupid and dumb] with body [Scratch bad, it meaninie, *&#(%# #$*&^# :):):):):):):):):):):):):):):):):):):):):):):):):):):):):) you bad bad bad #&$^*#] in forum [Suggestions v] // Or a random forum  
end

I mean HTTP requests, not just posting to a forum

pineapplefan1234yt wrote:

PizzaAddict4Life wrote:

Boomer001 wrote:

pineapplefan1234yt wrote:

Scratch would add ratelimits, meaning you couldn't crash websites, and it wouldn't send information about the users.

But still; it can be dangerous.

I would assume that it would post by the user there. So, example:

when green flag clicked
forever
Create thread title [Scratch is stupid and dumb] with body [Scratch bad, it meaninie, *&#(%# #$*&^# :):):):):):):):):):):):):):):):):):):):):):):):):):):):):) you bad bad bad #&$^*#] in forum [Suggestions v] // Or a random forum  
end

I mean HTTP requests, not just posting to a forum

Oh, I guess I don't understand what an HTTP request is…

Edit: I did ask if it was for the scratch forums and I didn't get an answer so I just assumed it was this because that is what it looked like