fix: use time-constant comparison for CSRF tokens (#12188)
This hardens the framework against a theoretical timing attack based on
comparing how quickly a request with an invalid CSRF token is rejected.
Cherry-picked from: https://github.com/vaadin/flow/pull/9875
Move call to getMessageHandler().onResynchronize(); to right place (#12178)
https://github.com/vaadin/framework/pull/12043 changed resync message sending to be deferred to queue. Now also the setting of the semaphor in message handler needs to be deferred to its right place. Otherwise there is possibility for a timing glitch. I.e. MessageHandler is set to resync handling mode before message is actually send.
Fixes: https://github.com/vaadin/framework/issues/12151
Add getter for presentationProvider in Grid.Column (#10323) (#12060)
Without access to the presentation provider used for a column, it is often not possible to reconstruct the data as shown on the end-user's screen
This commit adds a getter method to Grid.Column to allow access to this provider
Fix to LayoutManager size calculations during transform. (#12138)
* Fix to LayoutManager size calculations during transform.
- ComputedStyle is slower but more reliable than using
getBoundingClientRect, which does not work as expected if a transform
has been applied to the element or one of its parents. This is a problem
e.g. with PopupView, where getBoundingClientRect will return too small
size (or even zero size) for all the popup contents while the opening
animation is active. ComputedStyle ignores the transform and returns the
expected value.
- The presence of the element in DOM must be checked before the size is
requested from ComputedStyle, if the element has disappeared from DOM
without a warning and calculation is attempted anyway, the browser gets
stuck.
- Possibility to configure LayoutManager to use the less reliable
calculations for applications where the slight performance difference is
more important than layout issues within elements that have transform
animations.
- Manual test, problem isn't reproducible by TestBench.
Fixes: #11187
Tweaks to Grid/Escalator column size handling (#12145)
- ScrollbarBundle: removed delays in scroll handling that were only
needed for IE8, added possibility to update offsetSize and scrollSize at
the same time in order to avoid triggering unnecessary scrollbar
visibility change events during the intermediate state.
- ColumnConfigurator: added new method that allows setting column widths
without triggering element size recalculations.
- EscalatorProxy: added implementation of the new method to
ColumnConfigurationProxy.
- Escalator: switched to use new methods in ScrollbarBundle and
ColumnConfigurator, added a pixel to a scrollbar offsetSize calculation
that was for some reason consistently one pixel too low, removed
duplicate method calls from sectionHeightCalculated handling as those
are already handled by the calling method and can cause incorrect
intermediate state and unnecessary scrollbar visibility change events,
added implementation of the new method to ColumnConfigurationImpl with
the element size recalculations made optional.
- Grid: updated column minimum width calculations to take into account
the potential presence of a resize handle, updated expand ratio handling
to not trigger element size recalculations until the entire handling is
finished.
- Test for column width handling when there are multiple columns with
setMinimumWidthFromContent(false)
Fixes #12139
Use generated id of the menu item to help testing of the menubar (#12124)
Use generated IDs for MenuItems when an ID is set for MenuBar. Tying the ID to MenuBar's ID helps with the possible case of having multiple MenuBars on the same view and avoids to have excess id's when not needed.
Fixes: https://github.com/vaadin/framework/issues/8186
When a Grid gets scroll-locked, cancel the scrollInProgress handler. (#12116)
Otherwise opening a Grid editor can cause ApplicationConnection to get
stuck in 'active' state even if no actual scroll position processing is
ongoing, which in turn causes TestBench delays when it tries to wait
until ApplicationConnection indicates that everything necessary has been
processed.
Add 1px buffer to Escalator column natural widths. (#12075)
* Add 1px buffer to Escalator column natural widths.
The purpose of the buffer is to avoid subpixel handling issues,
especially when zoomed in or out.
In case fractions need to be adjusted for browser compatibility, round
up to ensure the contents have the space they need.
Fixes #12048