feat(bundler/cli): Add feature flag to use system certificates#21
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| let response = ureq::get(url).call().map_err(Box::new)?; | ||
| let mut bytes = Vec::new(); | ||
| response.into_body().into_reader().read_to_end(&mut bytes)?; | ||
| std::fs::write(&file_path, bytes)?; |
There was a problem hiding this comment.
WebView2 download bypasses platform certificates configuration
High Severity
The download_webview2_offline_installer function was changed to use ureq::get(url) directly instead of the download() helper function. This bypasses the base_ureq_agent() configuration, meaning this download won't use platform certificates (defeating the purpose of this PR) or proxy settings from environment variables. The download function is imported but no longer used here, while webview2_guid_path and download_webview2_bootstrapper correctly use the configured agent.
| .ok() | ||
| .and_then(|cdn| Url::parse(&cdn).ok()) | ||
| .map(|mut cdn| { | ||
| cdn.set_path(github_url); |
There was a problem hiding this comment.
GitHub mirror URL ignores asset path completely
High Severity
The generate_github_mirror_url_from_base function no longer incorporates the github_url parameter into the mirror URL. The old code used cdn.set_path(github_url) to append the GitHub URL path to the mirror base, but this was removed. Now the function returns only the base mirror URL, ignoring which asset is being requested. Users with TAURI_BUNDLER_TOOLS_GITHUB_MIRROR configured will get broken mirror functionality.
1 participant
Benchmark PR from qodo-benchmark#172
Note
Introduces platform certificate verification for HTTP requests to improve TLS trust handling across OSes.
platform-certsfeature (enabled by default) totauri-bundlerandtauri-cli; wiresureq/platform-verifierbase_ureq_agent()configuresureqwithRootCerts::PlatformVerifier(when feature enabled) and proxy from envcli:crate_latest_versionnow uses a TLS agent honoring system certs; fixcrate_versionto populatelock_versionwhen lock entries existbundler: use shared agent for WebView2 GUID resolution; minor adjustments to download pathsrustls-platform-verifier(and Android support) and alignjniversions across cratesWritten by Cursor Bugbot for commit 7b5f451. Configure here.