fixes incorrect JSONArray/String usage in ServerRpcHandler (#14471)
As described by Johannes, the RPCRequest constructor first takes whole
JSON as string and builds its attribute json from it (by parsing).
Then it reads from this parsed JSON the array called "rpc".
However it previously did a .toString on it only to re-parse it.
Newer json versions complain that "rpc" is not a string, but an array.
Change-Id: If4bb45abad551b183d757f0aa326c37c070ce103
Remove csrfToken if disable-xsrf-protection is true (#14111)
If the server sends no token and the client value remains "init" then
it's not sent back to the server.
Change-Id: I74fc470c5c22d57c4a48eab3e4476ae4cc2dd242
Optimizes initial sizes of frequently used Collections. (#14223)
There are a few places in frequently used core classes which could
initialize collection classes with the correct (or slightly oversized)
length.
Maps are initialized with 2x the size due to its load factor.
Change-Id: I3aee5a60602937a8550ca5a200ec2a529ff36fe9
* ConnectorTracker.getConnector() is now DnDService-aware
* Deprecated LCM.getDragAndDropService() is removed
* LCM.getConnector() simply delegates to ConnectorTracker.getConnector()
Change-Id: I9627d50f7386ead8d92ccbba27b4a558c03076c7
Verify CSRF token before accepting new CSRF connection (#11635)
* Can't open push connection during client-side init because CSRF token
is not available at that point. This allows simplifying the
initialization because the push state will not be checked until the
first response has been processed.
* Add helper for checking the CSRF token
Change-Id: I31da1ac669dc9a581cbd66f58c07f10ea4b8b676
Add isPushRequest() check to VaadinServletService.isOtherRequest() (#11556)
* Prevents VaadinService from creating a new session for push requests
* Also unify behaviour when UI is not found in session (log and return)
Change-Id: Iea0e4ae5e0b5fa81404f688aa6d92d16343ebd26
Removed CommunicationManager and PortletCommunicationManager
* Moved AbstractCommunicationManager abstract methods
getThemeResourceAsStream and createBootstrapHandler to VaadinService
* Made ACM non-abstract and renamed to LegacyCommunicationManager
* Lifted anonymous inner BootstrapHandler subclasses into named public classes
Change-Id: I31739ce8a506d572e75ca8cd5509be215e01693d
* Move UIDL writing from AbstractCommunicationManager to UidlWriter
* Move request handling from ACM to RequestHandlers
* Move server RPC message handling to ServerRpcHandler
* Move portlet event notifications to PortletListenerNotifier (a RequestHandler)
* Communication handlers reside in c.v.server.communication
Change-Id: I087e923dbdf88c6b3fcaafbdb7f685d9d3dad0c1