contentauth · ok-nick · Nov 19, 2025 · Nov 19, 2025 · Nov 19, 2025 · Nov 19, 2025
diff --git a/.github/workflows/beta-preflight.yml b/.github/workflows/beta-preflight.yml
@@ -216,7 +216,7 @@ jobs:
         run: cargo binstall -y wasm-bindgen-cli --version ${{ steps.wasm-bindgen-version.outputs.version }}
 
       - name: Run Wasm tests
-        run: cargo test -p c2pa --no-default-features --features rust_native_crypto,fetch_remote_manifests --target wasm32-unknown-unknown
+        run: cargo test -p c2pa --no-default-features --features rust_native_crypto, --target wasm32-unknown-unknown
         env:
           CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner
           GECKODRIVER: geckodriver

diff --git a/.github/workflows/tier-1a.yml b/.github/workflows/tier-1a.yml
@@ -458,7 +458,7 @@ jobs:
         run: cargo binstall -y wasm-bindgen-cli --version ${{ steps.wasm-bindgen-version.outputs.version }}
 
       - name: Run Wasm tests
-        run: cargo test -p c2pa --no-default-features --features rust_native_crypto,fetch_remote_manifests,http_reqwest --target wasm32-unknown-unknown
+        run: cargo test -p c2pa --no-default-features --features rust_native_crypto,http_reqwest --target wasm32-unknown-unknown
         env:
           CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner
           GECKODRIVER: geckodriver

diff --git a/Makefile b/Makefile
@@ -19,7 +19,7 @@ CARGO_TEST := $(shell cargo nextest --version > /dev/null 2>&1 && echo "cargo ne
 
 # Common feature set used by check-docs, clippy, and test-local so that all
 # three share the same incremental build cache and avoid redundant recompilation.
-FEATURES := file_io,fetch_remote_manifests,add_thumbnails
+FEATURES := file_io,add_thumbnails
 
 check-format:
 	cargo +nightly fmt -- --check
@@ -39,21 +39,21 @@ test-sdk: check-format check-docs clippy
 	$(CARGO_TEST) -p c2pa --features="$(FEATURES)" --lib --tests
 
 test-wasm:
-	cd sdk && wasm-pack test --node -- --no-default-features --features="rust_native_crypto, fetch_remote_manifests, http_reqwest"
+	cd sdk && wasm-pack test --node -- --no-default-features --features="rust_native_crypto, http_reqwest"
 
 test-wasm-web:
 ifeq ($(PLATFORM),mac)
-	SAFARIDRIVER=$(shell which safaridriver) cargo test -p c2pa --no-default-features --features rust_native_crypto,fetch_remote_manifests,http_reqwest --target wasm32-unknown-unknown
+	SAFARIDRIVER=$(shell which safaridriver) cargo test -p c2pa --no-default-features --features rust_native_crypto,http_reqwest --target wasm32-unknown-unknown
 else
-	cargo test -p c2pa --no-default-features --features rust_native_crypto,fetch_remote_manifests,http_reqwest --target wasm32-unknown-unknown
+	cargo test -p c2pa --no-default-features --features rust_native_crypto,http_reqwest --target wasm32-unknown-unknown
 endif
 
 # WASI testing requires upstream llvm clang (not XCode), wasmtime, and the target wasm32-wasip2 on the nightly toolchain
 test-wasi:
 ifeq ($(PLATFORM),mac)
 	$(eval CC := /opt/homebrew/opt/llvm/bin/clang)
 endif
-	CC=$(CC) CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S cli -S http --dir ." cargo +nightly test --target wasm32-wasip2 -p c2pa --no-default-features --features="rust_native_crypto, file_io, fetch_remote_manifests, add_thumbnails, http_wasi, http_wstd"
+	CC=$(CC) CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S cli -S http --dir ." cargo +nightly test --target wasm32-wasip2 -p c2pa --no-default-features --features="rust_native_crypto, file_io, add_thumbnails, http_wasi, http_wstd"
 	rm -r sdk/Users
 
 # Full local validation, build and test all features including wasm

diff --git a/c2pa_c_ffi/Cargo.toml b/c2pa_c_ffi/Cargo.toml
@@ -29,7 +29,6 @@ add_thumbnails = ["c2pa/add_thumbnails"]
 
 [dependencies]
 c2pa = { path = "../sdk", version = "0.78.7", default-features = false, features = [
-    "fetch_remote_manifests",
     "file_io",
     "pdf",
 ] }

diff --git a/c2pa_c_ffi/src/c_api.rs b/c2pa_c_ffi/src/c_api.rs
@@ -2407,7 +2407,7 @@ pub unsafe extern "C" fn c2pa_builder_set_fixed_size_merkle(
 /// # Example
 /// ```c
 ///  auto data = std::vector<std::uint8_t> buffer(1024);
-///  
+///
 ///  c2pa_builder_hash_mdat_bytes(builder, 1, (const uint8_t*)data.data(), 1024, true);
 /// ```
 #[no_mangle]
@@ -3271,6 +3271,19 @@ mod tests {
 
     #[test]
     fn test_c2pa_reader_remote_url() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         let mut stream = TestStream::new(include_bytes!(fixture_path!("cloud.jpg")).to_vec());
 
         let format = CString::new("image/jpeg").unwrap();
@@ -4053,6 +4066,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_reader_detailed_json() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         use std::ffi::CStr;
 
         let source_image = include_bytes!(fixture_path!("cloud.jpg"));
@@ -4082,6 +4108,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_reader_is_embedded() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         // Test with embedded manifest
         let source_image = include_bytes!(fixture_path!("cloud.jpg"));
         let mut stream = TestStream::new(source_image.to_vec());
@@ -4144,6 +4183,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_builder_add_ingredient_from_stream() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         let manifest_def = CString::new("{}").unwrap();
         let builder = unsafe { c2pa_builder_from_json(manifest_def.as_ptr()) };
         assert!(!builder.is_null());
@@ -4213,6 +4265,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_builder_with_archive() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         // Create initial builder
         let manifest_def = CString::new("{}").unwrap();
         let builder = unsafe { c2pa_builder_from_json(manifest_def.as_ptr()) };
@@ -4257,6 +4322,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_reader_with_fragment() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         // Create initial reader
         let source_image = include_bytes!(fixture_path!("cloud.jpg"));
         let mut stream = TestStream::new(source_image.to_vec());
@@ -4293,6 +4371,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_reader_with_fragment_null_format() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         // Create initial reader
         let source_image = include_bytes!(fixture_path!("cloud.jpg"));
         let mut stream = TestStream::new(source_image.to_vec());
@@ -4502,6 +4593,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_reader_json_better_coverage() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         // The existing test only tests null, let's test with valid reader
         let source_image = include_bytes!(fixture_path!("cloud.jpg"));
         let mut stream = TestStream::new(source_image.to_vec());
@@ -4621,6 +4725,19 @@ verify_after_sign = true
 
     #[test]
     fn test_c2pa_reader_from_manifest_data_and_stream_null_format() {
+        let settings = serde_json::json!( {
+            "verify": {
+                "remote_manifest_fetch": true
+            }
+        });
+        let result = unsafe {
+            c2pa_load_settings(
+                CString::new(settings.to_string()).unwrap().as_ptr(),
+                c"json".as_ptr(),
+            )
+        };
+        assert_eq!(result, 0);
+
         let source_image = include_bytes!(fixture_path!("cloud.jpg"));
         let mut stream = TestStream::new(source_image.to_vec());
         let manifest_data = [0u8; 100];

diff --git a/cli/Cargo.toml b/cli/Cargo.toml
@@ -29,7 +29,6 @@ networking = [
 anyhow = "1.0"
 atree = "=0.5.2"
 c2pa = { path = "../sdk", version = "0.78.7", features = [
-    "fetch_remote_manifests",
     "file_io",
     "add_thumbnails",
     "pdf",

diff --git a/cli/src/main.rs b/cli/src/main.rs
@@ -393,6 +393,15 @@ fn blocking_get(url: &str) -> Result<String> {
 }
 
 fn configure_sdk(args: &CliArgs) -> Result<()> {
+    // Enable remote manifest fetching for backwards compatibility.
+    Settings::from_toml(
+        &toml::toml! {
+            [verify]
+            remote_manifest_fetch = true
+        }
+        .to_string(),
+    )?;
+
     if args.settings.exists() {
         Settings::from_file(&args.settings)?;
     }

diff --git a/docs/support-tiers.md b/docs/support-tiers.md
@@ -36,7 +36,7 @@ These requirements are enforced in the [Tier 1A workflow](/.github/workflows/tie
 
 * **Ubuntu:** `x86_64-unknown-linux-gnu`, Rust `stable`, `all` features, `openssl` | `rust_native_crypto`, `glibc`
 * **Windows (ARM):** `aarch64-pc-windows-msvc`, Rust `stable`, `all` features, `openssl` | `rust_native_crypto`
-* **Wasm:** `wasm32-unknown-unknown`, Rust `stable`, `fetch_remote_manifests` feature, `rust_native_crypto`
+* **Wasm:** `wasm32-unknown-unknown`, Rust `stable`, `all` features, `rust_native_crypto`
 * **WASI:** `wasm32-wasip2`, Rust `nightly-2026-01-16`, `all` features
 
 ### Tier 1A for c2pa-c-ffi
@@ -108,7 +108,7 @@ These requirements are enforced in the [Tier 2 workflow](/.github/workflows/tier
 ### Tier 2 for c2pa-c-ffi
 
 * **Ubuntu:** `x86_64-unknown-linux-gnu`, Rust `stable`, `file_io`, `rust_native_crypto`, `glibc`, **build artifacts**
-* **Emscripten:** `wasm32-unknown-emscripten`, Rust `stable`, `file_io`, `fetch_remote_manifests`, `rust_native_crypto`, **build artifacts**
+* **Emscripten:** `wasm32-unknown-emscripten`, Rust `stable`, `file_io`, `rust_native_crypto`, **build artifacts**
 * **MacOS:** `aarch64-apple-darwin`, Rust `stable`, `file_io`, `rust_native_crypto`, **build artifacts**
 * **Windows:** `x86_64-pc-windows-msvc`, Rust `stable`, `file_io`, `rust_native_crypto`, **build artifacts**
 * **iOS:** `aarch64-apple-ios` | `x86_64-apple-ios` | `aarch64-apple-ios-sim`, `file_io`, `rust_native_crypto`, **build artifacts**

diff --git a/docs/usage.md b/docs/usage.md
@@ -53,7 +53,6 @@ These features are enabled by default:
 Other features:
 
 - **add_thumbnails**: Adds the [`image`](https://github.com/image-rs/image) crate to enable auto-generated thumbnails, if possible and enabled in settings.
-- **fetch_remote_manifests**: Fetches remote manifests over the network when no embedded manifest is present and that option is enabled in settings.
 - **file_io**: Enables APIs that use file system I/O.
 - **json_schema**: Adds the [`schemars`](https://github.com/GREsau/schemars) crate to derive JSON schemas for JSON-compatible structs.
 - **pdf**: Enables basic PDF read support.
@@ -73,6 +72,7 @@ WARNING: These features are for advanced users. Most people can ignore them. The
 
 The following features are no longer supported:
 
+* **fetch_remote_manifests**. Fetching remote manifests can now be enabled with the `verify.remote_manifest_fetch` setting.
 * **v1_api**. The old API that this enabled has been removed.
 * **serialize_thumbnails**. Thumbnails can be serialized by accessing resources directly.
 
@@ -123,4 +123,3 @@ The default operation of C2PA signing is to embed a C2PA manifest store into an
 - If you don't embed, then the original asset is unmodified and there is no need to write one out.
 - The remote URL can be set with `builder.remote_url`.
 - If embedding is not needed, set the `builder.no_embed` flag to `true`.
-
diff --git a/make_test_images/Cargo.toml b/make_test_images/Cargo.toml
@@ -13,7 +13,6 @@ unexpected_cfgs = { level = "warn", check-cfg = ['cfg(test)'] }
 [dependencies]
 anyhow = "1.0.40"
 c2pa = { path = "../sdk", version = "0.78.7", features = [
-	"fetch_remote_manifests",
 	"file_io",
 	"add_thumbnails",
 	"pdf",

diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml
@@ -31,7 +31,6 @@ rustdoc-args = ["--cfg", "docsrs"]
 default = ["openssl", "default_http"]
 add_thumbnails = ["image"]
 file_io = []
-fetch_remote_manifests = ["dep:wasi"]
 json_schema = ["dep:schemars"]
 openssl = [
     "dep:openssl",

diff --git a/sdk/src/builder.rs b/sdk/src/builder.rs
@@ -5140,7 +5140,6 @@ mod tests {
     /// example of creating a builder directly with a [`ManifestDefinition`]
     #[c2pa_test_async]
     /// test if the sdk can add a cloud ingredient retrieved from a stream and a cloud manifest
-    // This works with or without the fetch_remote_manifests feature
     async fn test_add_cloud_ingredient() {
         crate::settings::reset_default_settings().ok();
 

diff --git a/sdk/src/ingredient.rs b/sdk/src/ingredient.rs
@@ -1793,7 +1793,6 @@ mod tests {
         );
     }
 
-    #[cfg(feature = "fetch_remote_manifests")]
     #[c2pa_test_async]
     async fn test_jpg_cloud_from_memory() {
         crate::settings::set_settings_value("verify.verify_trust", false).unwrap();
@@ -1815,11 +1814,10 @@ mod tests {
         assert_eq!(ingredient.validation_status(), None);
     }
 
-    #[cfg(not(any(feature = "fetch_remote_manifests", feature = "file_io")))]
     #[c2pa_test_async]
-    async fn test_jpg_cloud_from_memory_no_file_io() {
+    async fn test_jpg_cloud_from_memory_no_remote_fetch() {
         crate::settings::set_settings_value("verify.verify_trust", false).unwrap();
-        crate::settings::set_settings_value("verify.remote_manifest_fetch", true).unwrap();
+        crate::settings::set_settings_value("verify.remote_manifest_fetch", false).unwrap();
 
         let image_bytes = include_bytes!("../tests/fixtures/cloud.jpg");
         let format = "image/jpeg";
@@ -2065,7 +2063,6 @@ mod tests_file_io {
     }
 
     #[test]
-    #[cfg(feature = "fetch_remote_manifests")]
     fn test_jpg_cloud_failure() {
         let ap = fixture_path("cloudx.jpg");
         let ingredient = Ingredient::from_file(ap).expect("from_file");

diff --git a/sdk/src/lib.rs b/sdk/src/lib.rs
@@ -161,7 +161,6 @@
 //!
 //! Other features:
 //! - **add_thumbnails**: Adds the [`image`](https://github.com/image-rs/image) crate to enable auto-generated thumbnails, if possible and enabled in settings.
-//! - **fetch_remote_manifests**: Fetches remote manifests over the network when no embedded manifest is present and that option is enabled in settings.
 //! - **file_io**: Enables APIs that use filesystem I/O.
 //! - **json_schema**: Adds the [`schemars`](https://github.com/GREsau/schemars) crate to derive JSON schemas for JSON-compatible structs.
 //! - **pdf**: Enables basic PDF read support.