
Add support for opening directly in Bambu Studio

Open Floppy opened this issue 11 months ago • 4 comments

We have the code to do this, but Bambu Studio blocks URLs not from makerworld.com. Feature request to remove restriction is at https://github.com/bambulab/BambuStudio/issues/6120, but until they allow it, this is blocked.

Floppy avatar Mar 19 '25 10:03 Floppy

FYI it just needs to match http://makerworld* or https://makerworld* which means if you serve the files from https://makerworld.manyfold.app it will allow you to open in bambuslicer.

NanashiTheNameless avatar Mar 19 '25 14:03 NanashiTheNameless

lol, that's true - it's truly terrible "security".

Floppy avatar Mar 19 '25 16:03 Floppy

yep, as I stated on a PR for Bambulab

IMO this seems kinda non-issue, maybe give a toggle for the restrictions and say something like "Warning, when this is disabled links from malicious sites may be loaded, proceed at your own risk" when the user goes to disable them?

https://github.com/bambulab/BambuStudio/pull/5347#issuecomment-2505366640

Currently, you can just host the malware on a random s3 bucket or literally any domain or sub domain starting with "makerworld". Examples:

evilbucket.s3-website-us-east-1.amazonaws.com/malware.stl
makerworldevil.com/malware.stl
makerworld.evil.example.com/malware.stl

If this really is intended to help the user it should be togglable, as suggested above, and check for whitelisted certificates instead of a partial URL check.

Anything short of that is effectively just annoying gatekeeping. Let's not pretend it's a security feature.

This right here, let's be honest, this is almost certainly just gatekeeping. If it was for security it should just be

if (boost::starts_with(input_str, "https://makerworld.com/")) {
  download_url = input_str;
}

This is almost certainly a (Misguided) attempt at vendor lock-in. It should default to above and have a toggle to allow all sources as this commit has it set.

You can show a warning that says "Warning: When this is disabled links from potentially malicious sites are able to be loaded, proceed at your own risk, BambuLab and its affiliates are not responsible for any risk assumed by disabling this feature!" That IS in fact legally binding in most countries.

Edit: For example https://makerworld.MalwareDomain.invalid/ImVeryEvil-Malware.stl currently is allowed but https://files.printables.com/media/prints/identifier/stls/otheridentifier/example.stl is not allowed

https://github.com/bambulab/BambuStudio/pull/5347#issuecomment-2506706638

Another reason the "security" argument falls apart: a bad actor can also just (mis)use a FOSS CORS proxy and have it serve https://files.printables.com/media/prints/identifier/stls/otheridentifier/example.stl as https://makerworld.evilproxy.invalid/?https://files.printables.com/media/prints/identifier/stls/otheridentifier/example.stl and that would effectively open it up to allowing anything to be loaded.

https://github.com/bambulab/BambuStudio/pull/5347#issuecomment-2506772628

NanashiTheNameless avatar Mar 19 '25 22:03 NanashiTheNameless
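The gap between the prefix match described in this thread and an exact-host comparison, as an added example (not Bambu Studio's or Manyfold's code). `loose_prefix_allowed` is a reconstruction from the description above; `strict_host_allowed`, its default host and all sample URLs except the first are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Behaviour as described in the thread (a reconstruction, not Bambu Studio's
// source): anything starting with http://makerworld or https://makerworld passes.
bool loose_prefix_allowed(const std::string& url) {
    return url.rfind("http://makerworld", 0) == 0 ||
           url.rfind("https://makerworld", 0) == 0;
}

// Hypothetical stricter check: https only, and the host component must equal
// the allowed host exactly (case-insensitive, optional default port 443).
bool strict_host_allowed(const std::string& url,
                         const std::string& allowed_host = "makerworld.com") {
    const std::string scheme = "https://";
    if (url.compare(0, scheme.size(), scheme) != 0) return false;
    // The authority ends at the first '/', '?' or '#', or at end of string.
    std::size_t end = url.find_first_of("/?#", scheme.size());
    if (end == std::string::npos) end = url.size();
    std::string host = url.substr(scheme.size(), end - scheme.size());
    // Userinfo ("allowed.host@other.host") and backslashes are rejected outright.
    if (host.find_first_of("@\\") != std::string::npos) return false;
    const std::string port = ":443";
    if (host.size() > port.size() &&
        host.compare(host.size() - port.size(), port.size(), port) == 0)
        host.erase(host.size() - port.size());
    std::transform(host.begin(), host.end(), host.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return host == allowed_host;  // any other port, suffix or subdomain fails
}

int main() {
    // Sample URLs: the first is quoted in the thread, the rest are constructed.
    const char* samples[] = {
        "https://makerworld.MalwareDomain.invalid/ImVeryEvil-Malware.stl",
        "https://makerworld.com@host.invalid/model.stl",
        "https://makerworld.com/model.stl",
    };
    for (const char* s : samples)
        std::cout << s << "  loose=" << loose_prefix_allowed(s)
                  << " strict=" << strict_host_allowed(s) << "\n";
}
```

An exact-host check only establishes where the file is fetched from; it says nothing about the file itself, which is why the thread also raises a user-facing toggle and certificate checks.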

Bambu should work now, they opened it up by adding a confirmation dialog for untrusted sources, but I can't make it work here yet.

Floppy avatar Oct 07 '25 09:10 Floppy