Only do permission validations on server

context.SenderId will be the server for a client receiving the proxied message, so the checks will not be accurate. The checks are also unnecessary considering the checks have already been done by the server.

Author: xmanning

com.unity.netcode.gameobjects/Runtime/Messaging/Messages/ProxyMessage.cs

@@ -43,25 +43,26 @@ public unsafe void Handle(ref NetworkContext context)
             }
             var observers = networkObject.Observers;
 
-            var networkBehaviour = networkObject.GetNetworkBehaviourAtOrderIndex(WrappedMessage.Metadata.NetworkBehaviourId);
-
-            RpcInvokePermission permission = NetworkBehaviour.__rpc_permission_table[networkBehaviour.GetType()][WrappedMessage.Metadata.NetworkRpcMethodId];
-            bool hasPermission = permission switch
+            // Validate message if server
+            if (networkManager.IsServer)
             {
-                RpcInvokePermission.Anyone => true,
-                RpcInvokePermission.Server => context.SenderId == networkManager.LocalClientId,
-                RpcInvokePermission.Owner => context.SenderId == networkBehaviour.OwnerClientId,
-                _ => false,
-            };
+                var networkBehaviour = networkObject.GetNetworkBehaviourAtOrderIndex(WrappedMessage.Metadata.NetworkBehaviourId);
 
-            // Do not handle the message if the sender does not have permission to do so.
-            if (!hasPermission)
-            {
-                return;
-            }
+                RpcInvokePermission permission = NetworkBehaviour.__rpc_permission_table[networkBehaviour.GetType()][WrappedMessage.Metadata.NetworkRpcMethodId];
+                bool hasPermission = permission switch
+                {
+                    RpcInvokePermission.Anyone => true,
+                    RpcInvokePermission.Server => context.SenderId == networkManager.LocalClientId,
+                    RpcInvokePermission.Owner => context.SenderId == networkBehaviour.OwnerClientId,
+                    _ => false,
+                };
+
+                // Do not handle the message if the sender does not have permission to do so.
+                if (!hasPermission)
+                {
+                    return;
+                }
 
-            if (networkManager.IsServer)
-            {
                 WrappedMessage.SenderClientId = context.SenderId;
             }