Merged column headers should work within declarative Grid. (#12206) (#12223)
* Merged column headers should work within declarative Grid. (#12206)
- null check to prevent NPE from the merged column headers
- convert to internal columnIds for merge handling
- use correct cell in merge handling
- switch away from streams in merge handling for easier readability
- regression test
Fixes: #10464
Clear out ClientCache when UI is detached to prevent a minor memory leak (#12220)
* Clear out ClientCache when UI is detached to prevent a minor memory leak (#12199)
* Clear out ClientCache when UI is detached to prevent a minor memory leak
Implemented with a listener rather than direct call from UI.detach() in
order to avoid new public API, since the whole feature has been marked
for removal. This doesn't yet prevent the cache or the type map from
getting slightly bloated during the UI's lifetime.
See: #3705
fix: use time-constant comparison for CSRF tokens (#12188) (#12196)
This hardens the framework against a theoretical timing attack based on
comparing how quickly a request with an invalid CSRF token is rejected.
Cherry-picked from: https://github.com/vaadin/flow/pull/9875
Authored-by: Tatu Lund <tatu@vaadin.com>
fix: use time-constant comparison for security tokens (#12189) (#12195)
This is the same as https://github.com/vaadin/framework/pull/12188,
but also applied for the upload security key
and the push id since both of those are also used to protect against
cross-site attacks. In addition, documentation for the push id is
clarified to point out its role.
Cherry-picked from: https://github.com/vaadin/flow/pull/9896
Authored-by: Tatu Lund <tatu@vaadin.com>
Move call to getMessageHandler().onResynchronize(); to right place (#12178) (#12184)
https://github.com/vaadin/framework/pull/12043 changed resync message sending to be deferred to queue. Now also the setting of the semaphor in message handler needs to be deferred to its right place. Otherwise there is possibility for a timing glitch. I.e. MessageHandler is set to resync handling mode before message is actually send.
Fixes: https://github.com/vaadin/framework/issues/12151
Authored-by: Tatu Lund <tatu@vaadin.com>
Tweaks to Grid/Escalator column size handling (#12145) (#12157)
- ScrollbarBundle: removed delays in scroll handling that were only
needed for IE8, added possibility to update offsetSize and scrollSize at
the same time in order to avoid triggering unnecessary scrollbar
visibility change events during the intermediate state.
- ColumnConfigurator: added new method that allows setting column widths
without triggering element size recalculations.
- EscalatorProxy: added implementation of the new method to
ColumnConfigurationProxy.
- Escalator: switched to use new methods in ScrollbarBundle and
ColumnConfigurator, added a pixel to a scrollbar offsetSize calculation
that was for some reason consistently one pixel too low, removed
duplicate method calls from sectionHeightCalculated handling as those
are already handled by the calling method and can cause incorrect
intermediate state and unnecessary scrollbar visibility change events,
added implementation of the new method to ColumnConfigurationImpl with
the element size recalculations made optional.
- Grid: updated column minimum width calculations to take into account
the potential presence of a resize handle, updated expand ratio handling
to not trigger element size recalculations until the entire handling is
finished.
- Test for column width handling when there are multiple columns with
setMinimumWidthFromContent(false)
Fixes #12139
Use generated id of the menu item to help testing of the menubar (#12124) (#12156)
Use generated IDs for MenuItems when an ID is set for MenuBar. Tying the ID to MenuBar's ID helps with the possible case of having multiple MenuBars on the same view and avoids to have excess id's when not needed.
Fixes: https://github.com/vaadin/framework/issues/8186
Authored-by: Tatu Lund <tatu@vaadin.com>
When a Grid gets scroll-locked, cancel the scrollInProgress handler. (#12116) (#12127)
Otherwise opening a Grid editor can cause ApplicationConnection to get
stuck in 'active' state even if no actual scroll position processing is
ongoing, which in turn causes TestBench delays when it tries to wait
until ApplicationConnection indicates that everything necessary has been
processed.
Anna Koskinen
Zhe Sun
Tatu Lund
vt512
Tarek Oraby
Clemens von Schwerin