godotengine
/
godot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docs: Add warnings about no SSL/(D)TLS revocation 

(cherry picked from commit 4eb427afb8)
This commit is contained in:
Max Hilbrunner 2021-08-11 15:49:58 +02:00 committed by Rémi Verschelde
parent 34f7ceefe0
commit 235fec4316
No known key found for this signature in database
GPG Key ID: C3336907360768E1
3 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/classes/HTTPClient.xml
View File

@ -10,6 +10,7 @@
For more information on HTTP, see https://developer.mozilla.org/en-US/docs/Web/HTTP (or read RFC 2616 to get it straight from the source: https://tools.ietf.org/html/rfc2616). For more information on HTTP, see https://developer.mozilla.org/en-US/docs/Web/HTTP (or read RFC 2616 to get it straight from the source: https://tools.ietf.org/html/rfc2616).
[b]Note:[/b] When performing HTTP requests from a project exported to HTML5, keep in mind the remote server may not allow requests from foreign origins due to [url=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]CORS[/url]. If you host the server in question, you should modify its backend to allow requests from foreign origins by adding the [code]Access-Control-Allow-Origin: *[/code] HTTP header. [b]Note:[/b] When performing HTTP requests from a project exported to HTML5, keep in mind the remote server may not allow requests from foreign origins due to [url=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]CORS[/url]. If you host the server in question, you should modify its backend to allow requests from foreign origins by adding the [code]Access-Control-Allow-Origin: *[/code] HTTP header.
[b]Note:[/b] SSL/TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error. [b]Note:[/b] SSL/TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error.
[b]Warning:[/b] SSL/TLS certificate revocation and certificate pinning are currently not supported. Revoked certificates are accepted as long as they are otherwise valid. If this is a concern, you may want to use automatically managed certificates with a short validity period.
</description> </description>
<tutorials> <tutorials>
<link>https://docs.godotengine.org/en/3.3/tutorials/networking/http_client_class.html</link> <link>https://docs.godotengine.org/en/3.3/tutorials/networking/http_client_class.html</link>

3
doc/classes/HTTPRequest.xml
View File

@ -6,6 +6,7 @@
<description> <description>
A node with the ability to send HTTP requests. Uses [HTTPClient] internally. A node with the ability to send HTTP requests. Uses [HTTPClient] internally.
Can be used to make HTTP requests, i.e. download or upload files or web content via HTTP. Can be used to make HTTP requests, i.e. download or upload files or web content via HTTP.
[b]Warning:[/b] See the notes and warnings on [HTTPClient] for limitations, especially regarding SSL security.
[b]Example of contacting a REST API and printing one of its returned fields:[/b] [b]Example of contacting a REST API and printing one of its returned fields:[/b]
[codeblock] [codeblock]
func _ready(): func _ready():
@ -68,8 +69,6 @@
HttpRequest will automatically handle decompression of response bodies. HttpRequest will automatically handle decompression of response bodies.
A "Accept-Encoding" header will be automatically added to each of your requests, unless one is already specified. A "Accept-Encoding" header will be automatically added to each of your requests, unless one is already specified.
Any response with a "Content-Encoding: gzip" header will automatically be decompressed and delivered to you as a uncompressed bytes. Any response with a "Content-Encoding: gzip" header will automatically be decompressed and delivered to you as a uncompressed bytes.
[b]Note:[/b] When performing HTTP requests from a project exported to HTML5, keep in mind the remote server may not allow requests from foreign origins due to [url=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]CORS[/url]. If you host the server in question, you should modify its backend to allow requests from foreign origins by adding the [code]Access-Control-Allow-Origin: *[/code] HTTP header.
[b]Note:[/b] SSL/TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error.
</description> </description>
<tutorials> <tutorials>
<link>https://docs.godotengine.org/en/3.3/tutorials/networking/http_request_class.html</link> <link>https://docs.godotengine.org/en/3.3/tutorials/networking/http_request_class.html</link>

1
doc/classes/PacketPeerDTLS.xml
View File

@ -5,6 +5,7 @@
</brief_description> </brief_description>
<description> <description>
This class represents a DTLS peer connection. It can be used to connect to a DTLS server, and is returned by [method DTLSServer.take_connection]. This class represents a DTLS peer connection. It can be used to connect to a DTLS server, and is returned by [method DTLSServer.take_connection].
[b]Warning:[/b] SSL/TLS certificate revocation and certificate pinning are currently not supported. Revoked certificates are accepted as long as they are otherwise valid. If this is a concern, you may want to use automatically managed certificates with a short validity period.
</description> </description>
<tutorials> <tutorials>
</tutorials> </tutorials>