The way you have the code it should propagation to all peers, you can also try rpc_id(0, <method>)
to broadcast. The path though may not be obvious. (Idk if it goes to the host first and is relayed to the peer. Or does it go directly to the peer? I haven’t investigates that level yet. )
The docs suggest the message goes to the server then other peers. You can try turning server_relay off to see if this changes behavior.
Adding reliable
does not guarantee the time in which it is delivered, nor does it take into account when other packets for the same object arrive. It can only guarantee it will get delivered*. ( *well maybe, it will try real hard. There is a retry limit.)
On Localhost it will probably work 99.99% of the time as the packets never leave your computer. Real world networks, with delay and network congestion between clients, it will get into trouble.
Options
You can mitigate this if you pass a timestamp in the RPC when setting the auth, only changing it if the timestamp is newer then the last time it changed. But the timestamp will all have to come from the same clock source. And that is another topic anyway.
Secondary Concern
Then there comes the context on what it controls. In the simplest sense, lets say the first to hit the check box wins. Lets also say it appears in a random position and fairly to all peers. (I.e. Peers are time synced).
When every one goes to press it, peer2 was physically fastest and should win, but peer1, being the host, sets it first because it had no delay.
Now do you just declare peer1 the winner? No that’s not fair, you now need to wait until all the peers responses have come in to decide who the winner is. But who makes this decision?
This is yet another layer of complexity you need to add. Although this complexity isnt unique to this case. My main point is you need to take into consideration what this is controlling. it could be insignificant, but most likely will contribute to some competitiveness that players will demand fairness.