Body length cannot be reliably retrieved from the web.
Reading the "content-length" value will return a meaningless value when
the response is compressed, as reading will return uncompressed chunks
in any case, resulting in a mismatch between the detected body size and
the actual size returned by repeatedly calling read_response_body_chunk.
Additionally, while "content-length" is considered a safe CORS header,
"content-encoding" is not, so using the "content-encoding" to decide if
"content-length" is meaningful is not an option either.
We simply must accept the fact that browsers are awful when it comes to
networking APIs.
(cherry picked from commit f4713d235a)
Use a TLSOptions configuration object which is created via static
functions.
- "TLSOptions.client": uses the standard CA and common name verification.
- "TLSOptions.client_unsafe": uses optional CA verification (i.e. if specified)
- "TLSOptions.server": is the standard server configuration (chain + key)
This will allow us to expand the TLS configuration options to include
e.g. mutual authentication without bloating the classes that uses
StreamPeerTLS and PacketPeerDTLS as underlying peers.
As many open source projects have started doing it, we're removing the
current year from the copyright notice, so that we don't need to bump
it every year.
It seems like only the first year of publication is technically
relevant for copyright notices, and even that seems to be something
that many companies stopped listing altogether (in a version controlled
codebase, the commits are a much better source of date of publication
than a hardcoded copyright statement).
We also now list Godot Engine contributors first as we're collectively
the current maintainers of the project, and we clarify that the
"exclusive" copyright of the co-founders covers the timespan before
opensourcing (their further contributions are included as part of Godot
Engine contributors).
Also fixed "cf." Frenchism - it's meant as "refer to / see".