Note, it will only used by the Editor, not when running the game.
This allows package maintainer to compile Godot to use system installed
certificates when accessing the AssetLib.
If this is undesired it can be avoided by specifying builtin_certs=no .
Bundled SSL certs will be used unless you specify an override in:
Project Settings -> SSL -> Certificates .
Unified BSD and Winsock sockets into a single implementation of a
generic NetSocket interface.
This is some ground work for few network improvements:
- Reuse as much code as possible between Posix and Windows.
- Provide a single point of implementation for exotic sdks (consoles).
- Provide platform agnostic StreamPeerTCP and PacketPeerUDP in core.
- Implement connect for UDP allowing for DTLS implementation.
This allows more consistency in the manner we include core headers,
where previously there would be a mix of absolute, relative and
include path-dependent includes.
Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
(cherry picked from commit 5262d1bbcc)
This commit makes operator[] on Vector const and adds a write proxy to it. From
now on writes to Vectors need to happen through the .write proxy. So for
instance:
Vector<int> vec;
vec.push_back(10);
std::cout << vec[0] << std::endl;
vec.write[0] = 20;
Failing to use the .write proxy will cause a compilation error.
In addition COWable datatypes can now embed a CowData pointer to their data.
This means that String, CharString, and VMap no longer use or derive from
Vector.
_ALWAYS_INLINE_ and _FORCE_INLINE_ are now equivalent for debug and non-debug
builds. This is a lot faster for Vector in the editor and while running tests.
The reason why this difference used to exist is because force-inlined methods
used to give a bad debugging experience. After extensive testing with modern
compilers this is no longer the case.
Before this change, missing User-Agent and Accept headers were automatically
added on all platforms. Setting the User-Agent header forces the browser to
do a CORS preflight (see 1) which fails if the HTTP endpoint is not
configured appropriate. It's not neccesary to set either header as the
browser sets them and so this commit disables that functionality on the JS
target.
1: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
Implements the same heuristic as Curl (and web browsers): if no `Content-Length`, no `Connection: keep-alive` and no chunked transfer encoding, assume th rest of the data until EOF is the body, gracefully setting the HTTP client back to the disconnected state.
Theoretically, this is not compliant with HTTP 1.1, by which `keep-alive` is the default, but in practice, an explicit header is sent by servers.