Changes to the Quick Bar

As you may have noticed, we started rolling out some changes to the Quick Bar this week. We’re making these changes for a few reasons and would like to elaborate on these.


When the Quick Bar was originally implemented, it was meant only as a way to quickly link to different parts of the game. As you know, the main use case is now to store and run scripts. The problem with that is every time you load a page in the game, every script you have needs to be sent along with the response. For some players this doubled the size of the response from the server. Unlike traditional scripts, there was no way to cache this. Now that most people have fast connections and computers the effect was negligible, but still something undesirable as even an extra 20-50ms in rendering time adds up.

Under the new system, scripts are not included in the data you receive from the server during a page load. Instead, when you click on a script in the Quick Bar, we request that script in that moment, then cache it on your browser for a short time period. This means you only ever download data you need, and if you run the same script 100 times in the same few minutes, you’ll still only need to download it once.

Saner restrictions

Did you know there was a limit of the size of the Quick Bar, but there was no sure way to know when you would be over it? The previous implementation had a size limit of 65 kB for the total size of the Quick Bar titles, entries, and metadata. This no longer really made sense, so we have removed this limit and replaced it with a limit of 10k characters per script. Before making this change we analysed all the scripts in usage and found the number of players affected to be very low.

Tribal Wars will start being served securely (over https)

When you try and access a service such as Google, Facebook or Wikipedia, you may notice that your browser shows a secure padlock and the page URL starts with a “https”. This means your connection is encrypted. Without this, people would potentially be able to monitor and view your internet activity, or even find out your password as you logged in. Your private mails could be intercepted.




We’ve been working on making the switch to https for Tribal Wars for several months now. Some parts of the game already use a encrypted connection. If you login with the Mobile Apps or use the in-game chat system, your details are sent securely.

The biggest blocker we’ve had is the usage of scripts. For a web page to be loaded securely, browsers must add several restrictions to maintain the security model. One of these restrictions is that if you’re accessing a page securely, you cannot load a script that is hosted insecurely. This meant that as soon as we switched the game worlds to a secure connection, any Quick Bar script that fetched another script would be blocked.


When we make the switch, we will have a temporary solution in place that will notice when your browser attempts to load an insecurely hosted script and will download it via our secure network instead. Unfortunately, we cannot keep this system in place forever as it is not ideal and may not work 100% of the time (especially in older browsers, or if the script relies on the request coming from your browser and not our servers). As such, we’ve started warning script authors now so that they can migrate their scripts to a secure connection as soon as possible.

Hosting scripts securely is now easier than it has ever been before. Some possibilities are:

  • Upload your script to a dropbox account and access it via the share link
  • Utilise the free service from Cloudflare that allows you to add https to your site
  • If you’re more technically minded, Let’s Encrypt will soon start offering free certificates


Fixes, patches and updates!, General

Comments are closed.