Skip to content

Add 'Load assets with credentials' (withCredentials) project setting #2132

Description

@mvaligursky

Summary

Expose the engine's new global withCredentials flag as a project setting, so projects can load assets from an authenticated cross-origin host (CDN/storage that requires cookies, client TLS certificates or HTTP auth) without hand-editing the generated bootstrap.

Engine support: playcanvas/engine#8983 (closes playcanvas/engine#1649).

Background

The engine now has a single, global opt-in:

  • ResourceLoader.withCredentials (boolean, default false) — forwards to the shared HTTP layer and applies to all XHR-based asset loads (textures, models, audio, JSON, fonts, …).
  • AppBase._parseApplicationProperties reads application_properties.withCredentials and applies it during configure() before preload(), so preloaded assets pick it up automatically — exactly the same path already used by maxAssetRetries and maxConcurrentRequests.

So the editor side only needs to surface a setting and make sure it lands in the published config.json under application_properties.

Proposed work

  1. Project settings schema (src/editor/settings/project-settings.ts): add withCredentials: boolean (default false).
  2. Settings UI (src/editor/inspector/settings-panels/network.ts): add a boolean field to the existing NETWORK panel, e.g.
    • label: Asset Credentials (or Load Assets With Credentials)
    • path: withCredentials
    • type: boolean
    • reference: settings:project:withCredentials
  3. Reference/help text (src/editor/attributes/reference/settings.ts): add the settings:project:withCredentials entry. Suggested copy: "Send asset requests with credentials (cookies, client certificates, HTTP auth). Enable when assets are served from an authenticated cross-origin host. The server must respond with a non-wildcard Access-Control-Allow-Origin and Access-Control-Allow-Credentials: true."
  4. Published config export: ensure the setting is written into config.json application_properties.withCredentials (same export path as maxAssetRetries/maxConcurrentRequests), so the engine reads it before preload.
  5. Launch tab (src/launch/viewport/viewport.ts): for parity, set app.loader.withCredentials = projectSettings.get('withCredentials') before app.preload(...) (the preload call at the top of init()). Note the launch preview loads assets from same-origin assetPrefix: '/api/', so cookies already flow there and this is mostly cosmetic — but keep it consistent. (Careful: the existing enableRetry wiring runs after init(); the credentials flag must be set before preload to take effect.)

Caveats to document

  • Does not cover config.json itself (fetched before any property is parsed) or the engine/game/loading-screen <script> tags (fetched by the browser, not the engine HTTP layer). Those must be reachable without credentials, or served same-origin.
  • Defaults to false; purely opt-in, no behavior change for existing projects.

Use case

Reported in playcanvas/engine#1649: textures (and other assets) on an authenticated cross-origin host returned 401 because there was no way to enable withCredentials for asset loads.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Backlog

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions