-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add http
& https
asset sources
#16366
base: main
Are you sure you want to change the base?
Conversation
It looks like |
It's possible to add an exception for the licenses, but unmaintained and vulnerable is pretty bad. |
This could be done with something like |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep this looks awesome to me! Also I wasn't aware of the surf
crate; I'll have to keep it in mind for any bevy dashboards I make in the future
@mnmaita actually that would be great, I've replaced // crates/bevy_asset/src/http_source.rs#134
let client = reqwest_middleware::ClientBuilder::new(Client::new())
.with(Cache(HttpCache {
mode: CacheMode::Default,
manager: CACacheManager::default(),
options: HttpCacheOptions::default(),
}))
.build();
let response = ContinuousPoll(client.get(str_path).send())
.await |
FWIW surf has a bug where any erroring http response >8kb stops every subsequent request from succeeding and is unlikely to ever be fixed which made me unable to use bevy_web_asset so I would personally appreciate a switch 😄. If you can't get reqwest to work perhaps hyper would suffice since it's already in the dep tree for BRP? Perhaps too low level for this. |
The council of bevy async wizards has spoken and we're going with A few notes:
|
You added a new example but didn't add metadata for it. Please update the root Cargo.toml file. |
Tested on Windows 11. The example prints a 404 error when the .meta file fails to load and doesn't show the sprite. If I configure AssetPlugin to AssetMetaCheck::Never, it runs correctly. I believe the asset is still supposed to load successfully even if the .meta file 404s so I think this is a bug? |
You can ignore that. It isn't a required check. Once those 2 small issues above are fixed, this should be in a pretty good state, I think. |
a decision on authorising licenses unicode 3.0 and MPL 2.0 need to be taken before merging this PR |
Previous Unicode licenses are already allowed and it is extremely permissive. MPL 2.0 is already in tree under off-by-default feature flags for various audio formats. This doesn't strike me as any different, and MPL is not dangerously viral to use as a dependency in the same way as e.g. AGPL. |
then they should be added to the license check config, otherwise every other pr after will have failed ci |
Last license issue is ring (ureq > rustls dep) which has a custom license:
|
could you try to remove the dependency on ring by disabling default feature also on the dev-dependency to ureq? |
ring comes from rustls support, which is enabled by default with the tls feature This means that we force our users to use rustls, but also that someone has to properly review that license |
from the license:
Seems kind of a pain. I think it means we won't be able to talk about the engine being able to download things from https without copying that |
Looking at the ring license, it appears to be mostly MIT. However:
This clause is super annoying. It looks like it's a very old amateur license from 1995 or so. The practical risk is low, but we should not allow this license. Can we change features around to avoid |
See briansmith/ring#1827 for a tracking issue for the upstream licensing stuff. We very much shouldn't try to wait on that. |
From what i can gather on these ureq issues, the new rustls default is aws-lc-rs instead of ring. It seems to have better licensing but worse devx, requiring non-rust dependencies for windows builds. |
Bah, okay. Can we ship without https support by default and leave the choice up to the end user? I don't particularly care about encrypting e.g. example assets TBH. |
Sounds good, i guess most users of this feature will need it because just about everything is https these days. The workaround is in the Cargo.toml We can add tls when ring sorts its license out and in the meantime adding https suppport is a one-liner: # enable bevy https asset loader
ureq = { version = "*", features = ["tls"] }
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once there's a note or two about the license in the docs I'm happy to merge this.
I don't think it's worth it to merge this without https support Nowadays everything is https. hiding the license behind a not enabled feature is not a fix, because for pretty much all use cases it will need to be enabled and the license issue solved |
Objective
bevy_web_asset
, allowing assets loaded viahttp
#16307Solution
http
&https
asset sourcesTesting
cargo run --example http_source
Showcase
Bevy now supports assets loaded via url!
Add the
http_source
and optionallyhttp_source_cache
features.