* Update dependencies
atmosphere-runtime: 2.2.13.vaadin3
jsoup: 1.14.3
* Update Atmosphere version in Constants.java
Co-authored-by: Anna Koskinen <Ansku@users.noreply.github.com>
Update Vaadin7 to use atmosphere-runtime 2.2.13.vaadin2 (#12430)
* Update Vaadin7 to use atmosphere-runtime 2.2.13.vaadin2
* Update Constants.java
* Chrome 94 (#12434)
* Added logging for generateArchetype in BuildHelpers
* Chrome 94 screenshot changes and version number
Co-authored-by: Olli Tietäväinen <ollit@vaadin.com>
fix: set Vaadin session attribute using lock in reinitializeSession (#12409)
* fix: set Vaadin session attribute using lock in reinitializeSession
* Add unit test
* Revert
* Add unit test
Backport to Java 6
* Add imports
* More Java 6
Clear out ClientCache when UI is detached to prevent a minor memory leak (#12200)
Implemented with a listener rather than direct call from UI.detach() in
order to avoid new public API, since the whole feature has been marked
for removal. This doesn't yet prevent the cache or the type map from
getting slightly bloated during the UI's lifetime.
See: #3705
Cherry-picked from: #12199
fix: use time-constant comparison for CSRF tokens (#12190)
This hardens the framework against a theoretical timing attack based on
comparing how quickly a request with an invalid CSRF token is rejected.
Backporting of #12188
fix: use time-constant comparison for security tokens (#12192)
This is the same as #12190, but also applied for the upload security key
and the push id since both of those are also used to protect against
cross-site attacks. In addition, documentation for the push id is
clarified to point out its role.
Backporting of #12189
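
The change described in the two commit messages above (#12190 and #12192), as an added Java example that is not Vaadin's own code: an early-exit token comparison beside a time-constant one built on `MessageDigest.isEqual`. The class name, method names and sample tokens are constructed for illustration, and the code assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; class and method names are hypothetical, not Vaadin API.
public class TokenCheckExample {
    private static final SecureRandom RANDOM = new SecureRandom();

    // Constructed helper: 128-bit random token in URL-safe text form.
    static String newToken() {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Before: String.equals stops at the first differing character, so the
    // time to reject a wrong token varies with the length of the matching prefix.
    static boolean earlyExitCheck(String expected, String supplied) {
        return expected != null && expected.equals(supplied);
    }

    // After: MessageDigest.isEqual does not stop at the first differing byte,
    // so a mismatch near the start costs the same as one near the end.
    static boolean timeConstantCheck(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false; // a missing token is always a rejection
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = newToken(); // constructed sample value
        // '!' is outside the URL-safe Base64 alphabet, so these always differ.
        String wrongTail = token.substring(0, token.length() - 1) + "!";
        String wrongHead = "!" + token.substring(1);

        // Both checks give the same verdicts; only the timing behaviour differs.
        System.out.println("exact match:    " + timeConstantCheck(token, token));
        System.out.println("last char off:  " + timeConstantCheck(token, wrongTail));
        System.out.println("first char off: " + timeConstantCheck(token, wrongHead));
        System.out.println("missing token:  " + timeConstantCheck(token, null));
        System.out.println("early-exit, first char off: " + earlyExitCheck(token, wrongHead));
    }
}
```
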
Use APPLICATION_SCOPE for the session lock (#11804)
* Use APPLICATION_SCOPE for the session lock
To be able to do this, relevant methods in VaadinService are made protected so
that VaadinPortletService can override them.
The Vaadin session itself is also stored in APPLICATION_SCOPE. The default
scope is PORTLET_SCOPE, so lock would otherwise not be in sync with
the session.
* Improve VMenuBar click handling logic
Backport to V7:
During `updateFromUIDL` inside MenuBarConnector we empty and re-instantiate the components of MenuBar. When we are modifying the Menubar from the BlurEventListener of another component, we, by this, remove widgets; therefore the clickEvent is not fired and the action of the MenuItem is not processed as a result. (The BlurEvent is fired before the click event in the chain of events.)
To improve the situation, we catch the onMouseDown event, which is fired before BlurEvent, by assigning the mouseDown flag to true. Then if no click event has yet happened, we delay the execution of update inside `updateFromUIDL` by default 500 ms. Then if a click event occurs, it proceeds normally. The time can be increased/decreased using a setter.
There is no delay, if we are clicking on the MenuBar as usual or no Blur listener is set.
This change allows setting descriptions preserving the action from the MenuItem
(cherry picked from commit 22cc85c76f)
* Improve VMenuBar click handling logic
Add missing files from the first commit
Backported to V7:
(cherry picked from commit 22cc85c)
Fix Combo Box filtered on Property not showing results when page length is zero (#11247)
* Fix #11246
Take zero pageLength into account when calculating filtered ComboBox contents.
* Create ComboboxPageLengthZeroFilterTest.java
* add UI tests for fix
Add fallback resolvers for CurrentInstance (#10974)
* Add fallback resolvers for CurrentInstance
This allows applications to inject custom default instances when the
current instances cannot be found by regular means.
For example, when VaadinServlet.getCurrent() would return null, a
fallback resolver could be invoked to properly create the servlet and
return it.
* Make the setting of CurrentInstanceFallbackResolvers protected
* Remove the default constructor. Improve test.
* Made setFallbackResolver public again
* Rename the method to defineFallbackResolver, and make it throw when a
type is used twice
* Make the method thread-safe
* Make the method thread-safe in a Java 6 way
* Thread safety with ConcurrentHashMap API instead of just Map
* Improve test with fake classes.
* Clear the test state after it has been run.
Open methods to allow custom static file serving logic (#10910)
* Open methods to allow custom static file serving logic
The methods serveStaticResources and serveStaticResourcesInVAADIN have
been changed from private to protected to allow subclasses to change how
static files are served.
Use separate identifier for push connections (#9150)
By using a separate id we can avoid sending the session's
CSRF token as a GET parameter when initializing a push connection.
Cherry-picked from #8700 to the 7.7 branch.
Fix occasional empty rows in Table and TreeTable (#9551)
There's an intermittently happening issue with both Table and TreeTable, which results in row data disappearing.
This change removes a method which is probably a vestigial one from over five years ago and other changes are handling the things the method used to perform. Currently the method removes rows deemed unnecessary from the row buffer. The problem is, those rows are visible to the user and removing causes row contents to be lost.
Also included are manually runnable test cases which demonstrate that this removal actually prevents the issue from happening.
Fixes #7964
Fixes #5030
Do full connector tracker cleanup when the session lock is released (#9707) (#9730)
As there is no "request end" call after invoking UI.access() from a background thread,
the connector map was not earlier properly cleaned afterwards. If you toggled visibility of a
component from the background thread, the tracker state became inconsistent.
If this becomes a performance problem, it could probably be optimized so that cleanup
is done in request end and only at the end of access if not inside a request.
Backported from master
Fixes #9693