summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRĂ©mi Verschelde <remi@verschelde.fr>2021-08-11 17:37:50 +0200
committerGitHub <noreply@github.com>2021-08-11 17:37:50 +0200
commitb7f0fc2a08e9ef300cd1a50d13540107dcada013 (patch)
tree7be4a46c92863ae1d62e95b1154f4703bd802355
parent2559089b6f3c7d5ada63b90d6632c96a24ccd400 (diff)
parent4eb427afb8ef22631ccf261362c1bb49776b987b (diff)
Merge pull request #51513 from mhilbrunner/ssl-warning
Docs: Add warnings about no SSL/(D)TLS revocation
-rw-r--r--doc/classes/HTTPClient.xml1
-rw-r--r--doc/classes/HTTPRequest.xml3
-rw-r--r--doc/classes/PacketPeerDTLS.xml1
3 files changed, 3 insertions, 2 deletions
diff --git a/doc/classes/HTTPClient.xml b/doc/classes/HTTPClient.xml
index df42869dbe..22398cc3ce 100644
--- a/doc/classes/HTTPClient.xml
+++ b/doc/classes/HTTPClient.xml
@@ -10,6 +10,7 @@
For more information on HTTP, see https://developer.mozilla.org/en-US/docs/Web/HTTP (or read RFC 2616 to get it straight from the source: https://tools.ietf.org/html/rfc2616).
[b]Note:[/b] When performing HTTP requests from a project exported to HTML5, keep in mind the remote server may not allow requests from foreign origins due to [url=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]CORS[/url]. If you host the server in question, you should modify its backend to allow requests from foreign origins by adding the [code]Access-Control-Allow-Origin: *[/code] HTTP header.
[b]Note:[/b] SSL/TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error.
+ [b]Warning:[/b] SSL/TLS certificate revocation and certificate pinning are currently not supported. Revoked certificates are accepted as long as they are otherwise valid. If this is a concern, you may want to use automatically managed certificates with a short validity period.
</description>
<tutorials>
<link title="HTTP client class">https://docs.godotengine.org/en/latest/tutorials/networking/http_client_class.html</link>
diff --git a/doc/classes/HTTPRequest.xml b/doc/classes/HTTPRequest.xml
index 4a56c7e3fd..f45ddd0abb 100644
--- a/doc/classes/HTTPRequest.xml
+++ b/doc/classes/HTTPRequest.xml
@@ -6,6 +6,7 @@
<description>
A node with the ability to send HTTP requests. Uses [HTTPClient] internally.
Can be used to make HTTP requests, i.e. download or upload files or web content via HTTP.
+ [b]Warning:[/b] See the notes and warnings on [HTTPClient] for limitations, especially regarding SSL security.
[b]Example of contacting a REST API and printing one of its returned fields:[/b]
[codeblocks]
[gdscript]
@@ -150,8 +151,6 @@
[/codeblocks]
[b]Gzipped response bodies[/b]: HTTPRequest will automatically handle decompression of response bodies. A [code]Accept-Encoding[/code] header will be automatically added to each of your requests, unless one is already specified. Any response with a [code]Content-Encoding: gzip[/code] header will automatically be decompressed and delivered to you as uncompressed bytes.
- [b]Note:[/b] When performing HTTP requests from a project exported to HTML5, keep in mind the remote server may not allow requests from foreign origins due to [url=https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]CORS[/url]. If you host the server in question, you should modify its backend to allow requests from foreign origins by adding the [code]Access-Control-Allow-Origin: *[/code] HTTP header.
- [b]Note:[/b] SSL/TLS support is currently limited to TLS 1.0, TLS 1.1, and TLS 1.2. Attempting to connect to a TLS 1.3-only server will return an error.
</description>
<tutorials>
<link title="Making HTTP requests">https://docs.godotengine.org/en/latest/tutorials/networking/http_request_class.html</link>
diff --git a/doc/classes/PacketPeerDTLS.xml b/doc/classes/PacketPeerDTLS.xml
index 99a1aea5a6..b05743fb5a 100644
--- a/doc/classes/PacketPeerDTLS.xml
+++ b/doc/classes/PacketPeerDTLS.xml
@@ -5,6 +5,7 @@
</brief_description>
<description>
This class represents a DTLS peer connection. It can be used to connect to a DTLS server, and is returned by [method DTLSServer.take_connection].
+ [b]Warning:[/b] SSL/TLS certificate revocation and certificate pinning are currently not supported. Revoked certificates are accepted as long as they are otherwise valid. If this is a concern, you may want to use automatically managed certificates with a short validity period.
</description>
<tutorials>
</tutorials>