path: root/server
Commit message | Author | Age | Files | Lines
* Update copyright year (#12243) | Anna Koskinen | 2021-03-16 | 511 | -512/+512
|
* Use latest license checker (#12210) | Artur | 2021-03-09 | 1 | -1/+1
|
* Clear thread local instances on connection lost in push handler (#12042) (#12201) | Anna Koskinen | 2021-02-15 | 5 | -5/+185
|   Adopted from https://github.com/vaadin/flow/pull/8567
|   Authored-by: Tatu Lund <tatu@vaadin.com>
* Clear out ClientCache when UI is detached to prevent a minor memory leak (#12200) | Anna Koskinen | 2021-02-15 | 1 | -1/+23
|   Implemented with a listener rather than direct call from UI.detach() in order to avoid new public API, since the whole feature has been marked for removal. This doesn't yet prevent the cache or the type map from getting slightly bloated during the UI's lifetime.
|   See: #3705
|   Cherry-picked from: #12199
* fix: use time-constant comparison for CSRF tokens (#12190) | Tatu Lund | 2021-02-04 | 1 | -1/+11
|   This hardens the framework against a theoretical timing attack based on comparing how quickly a request with an invalid CSRF token is rejected.
|   Backporting of #12188
* fix: use time-constant comparison for security tokens (#12192) | Tatu Lund | 2021-02-03 | 3 | -5/+19
|   This is the same as #12190, but also applied for the upload security key and the push id since both of those are also used to protect against cross-site attacks. In addition, documentation for the push id is clarified to point out its role.
|   Backporting of #12189
* Make checkAtmosphereSupport() non-static (#12136) | Tatu Lund | 2020-11-27 | 1 | -3/+6
|   Cherry pick https://github.com/vaadin/framework/pull/12131
* Change license from Apache-2 to CVDLv4 (#12144) | Tatu Lund | 2020-11-18 | 510 | -2552/+2568
|   * Change license from Apache-2 to CVDLv4
|   * Update header for checkstyle
|   * Add license checker
|   * Fix reference header
|   * Fix license header
|   * Update Chrome version
* Update regexp pattern to safer one (#12104) | Tatu Lund | 2020-09-30 | 2 | -2/+13
|   Fixes: https://github.com/vaadin/framework/issues/7757
* Determine Push transport before re-connect (#11988) | Tatu Lund | 2020-05-11 | 1 | -9/+6
|   onConnect was always called with websocket = false. I think this is wrong, since if there was connection loss in websocket, now connection cannot be re-established in websocket mode.
|   Fixes: https://github.com/vaadin/framework/issues/7190
|   Cherry pick of https://github.com/vaadin/framework/pull/11884
* Use APPLICATION_SCOPE for the session lock (#11804) | Tatu Lund | 2019-11-13 | 3 | -4/+44
|   * Use APPLICATION_SCOPE for the session lock
|     To be able to do this, relevant methods in VaadinService are made protected so that VaadinPortletService can override them.
|     The Vaadin session itself is also stored in APPLICATION_SCOPE. The default scope is PORTLET_SCOPE, so lock would otherwise not be in sync with the session.
* Sanitize caption used in Grid header | Tatu Lund | 2019-07-02 | 1 | -0/+2
|   Cherry pick of https://github.com/vaadin/framework/pull/11644
* Table / TreeTable multiselect disabling of touch detection (#11641) | Olli Tietäväinen | 2019-07-01 | 1 | -1/+34
|   * Fixes #11601. Add toggle for disabling touch detection on table multiselect.
|   * fix tests
* added missing since 7.7.16 (#11418) [7.7.16] | Olli Tietäväinen | 2019-01-11 | 1 | -2/+2
|
* V7: Improve VMenuBar click handling logic (#11362) | Anastasia Smirnova | 2018-12-14 | 1 | -0/+23
|   * Improve VMenuBar click handling logic
|     Backport to V7: During `updateFromUIDL` inside MenuBarConnector we empty and re-instantiate the components of MenuBar. When we are modifying the Menubar from the BlurEventListener of another component, we, by this, remove widgets, therefore clickEvent is not fired and the action of the MenuItem is not proceed as a result. (The BlurEvent is fired before the click event in the chain of events.)
|     To improve the situation, we catch onMouseDown event, which is fired before BlurEvent, by assigning mouseDown flag to true. Then if no click event has yet happened, we delay the execution of update inside `updateFromUIDL` by default 500 ms. Then if click event occurs, it proceeds normally. The time can be increased/decreased using setter.
|     There is no delay, if we are clicking on the MenuBar as usual or no Blur listener is set. This change allows setting descriptions preserving the action from the MenuItem
|     (cherry picked from commit 22cc85c76f28a762685204911ad66f95bda2d296)
|   * Improve VMenuBar click handling logic
|     Add missing files from the first commit
|     Backported to V7: (cherry picked from commit 22cc85c)
* Fix Combo Box filtered on Property not showing results when page length is zero (#11247) | Vlad | 2018-11-08 | 1 | -1/+2
|   * Fix #11246
|     Take zero pageLength into account when calculating filtered ComboBox contents.
|   * Create ComboboxPageLengthZeroFilterTest.java
|   * add UI tests for fix
* 7.7 new atmosphere, fix tests, remove SSH requirements | Ilia Motornyi | 2018-09-04 | 1 | -1/+1
|
* Empty sinces for 7.7.14 (#11114) [7.7.14] | Olli Tietäväinen | 2018-08-15 | 7 | -11/+11
|
* Fixed typo (#11073) | Ilia Motornyi | 2018-07-20 | 1 | -1/+1
|
* Add xsrf token header if cookie is present (#11040) | Ilia Motornyi | 2018-07-18 | 1 | -100/+108
|   Fixes #9471
* Memory leak fix in ConnectorTracker (#10743) | doggy-dev | 2018-07-17 | 2 | -1/+6
|   When finished with upload, streamVariable should be disposed. Now StreamVariable is removed also from streamVariableToSeckey.
|   https://github.com/vaadin/framework/issues/10695 #10695
* Add fallback resolvers for CurrentInstance (#10974) | Gilberto Torrezan | 2018-06-13 | 3 | -2/+220
|   * Add fallback resolvers for CurrentInstance
|     This allows applications to inject custom default instances when the current instances cannot be found by regular means. For example, when VaadinServlet.getCurrent() would return null, a fallback resolver could be invoked to properly create the servlet and return it.
|   * Make the setting of CurrentInstanceFallbackResolvers protected
|   * Remove the default constructor. Improve test.
|   * Made setFallbackResolver public again
|   * Rename the method to defineFallbackResolver, and make it throw when a type is used twice
|   * Make the method thread-safe
|   * Make the method thread-safe in a Java 6 way
|   * Thread safety with ConcurrentHashMap API instead of just Map
|   * Improve test with fake classes.
|   * Clear the test state after it has been run.
* Open methods to allow custom static file serving logic (#10910) | Gilberto Torrezan | 2018-05-11 | 1 | -2/+6
|   * Open methods to allow custom static file serving logic
|     The methods serveStaticResources and serveStaticResourcesInVAADIN have been changed from private to protected to allow subclasses to change how static files are served.
* Added possibility to add listener for connectorMarkedDirty (#10876) | Gilberto Torrezan | 2018-05-07 | 4 | -3/+331
|
* Update Copyright headers for year 2018 (#10762) | Ilia Motornyi | 2018-03-28 | 732 | -3911/+507
|
* Allow configuring content modes for Grid cell tooltips (#10396) | Leif Åstrand | 2018-02-06 | 1 | -11/+100
|
* Fix removeUI assertions to work with proxy UIs (#10575) | Teemu Suo-Anttila | 2018-01-29 | 1 | -2/+4
|
* Prevent killing UI if heartbeats are pending (#10371) (#10450) | Olli Tietäväinen | 2017-12-20 | 1 | -5/+18
|   * Prevent killing UI if heartbeats are pending (#10371)
|     Fixes #9663
|   * fixed Java 1.8 syntax -> 1.6
* Add disclaimers about performance to TreeTable (#10381) | Teemu Suo-Anttila | 2017-11-29 | 1 | -0/+108
|
* added missing javadocs and since tags (#10315) [7.7.12] | Olli Tietäväinen | 2017-11-13 | 1 | -1/+0
|   * added missing javadocs and since tags
|   * fix formatting of javadocs
* Set no-store headers on UIDL messages (#10308) | Olli Tietäväinen | 2017-11-13 | 1 | -3/+9
|   UIDL might contain sensitive information that we should prevent from being stored anywhere.
* Add missing @since tags and missing javadocs (#10155) [7.7.11] | Olli Tietäväinen | 2017-10-10 | 1 | -5/+6
|
* Support null intermediate properties in NestedMethodProperty (#10085) | Vassil Zorev | 2017-10-04 | 2 | -0/+9
|   Ignore null intermediate properties in setValue().
* Implement error level on client side (#9816) | Adam Wagner | 2017-09-26 | 3 | -3/+32
|   Add additional class names and style to components and error indicators to distinguish different error levels.
|   Vaadin 7 solution for #3139
* Use separate identifier for push connections (#9150) | Olli Tietäväinen | 2017-08-10 | 3 | -11/+58
|   By using a separate id we can avoid sending the session's CSRF token as a GET parameter when initializing a push connection.
|   Cherry-picked from #8700 to the 7.7 branch.
* Fix occasional empty rows in Table and TreeTable (#9551) | mlindfors | 2017-08-09 | 1 | -45/+0
|   There's an intermittently happening issue with both Table and TreeTable, which results in row data disappearing. This change removes a method which is probably a vestigial one from over five years ago and other changes are handling the things the method used to perform.
|   Currently the method removes rows deemed unnecessary from the row buffer. The problem is, those rows are visible to the user and removing causes row contents to be lost.
|   Also included are manually runnable test cases which demonstrate that this removal actually prevents the issue from happening.
|   Fixes #7964
|   Fixes #5030
* Added loop and preload attributes for media elements, fixed null poster (#9161) | Krassimir Valev | 2017-08-08 | 1 | -0/+43
|   Fixes #7261
|   Fixes #5178
|   Fixes #4409
* Do full connector tracker cleanup when the session lock is released (#9707) (#9730) | Artur | 2017-08-01 | 3 | -24/+9
|   As there is no "request end" call after invoking UI.access() from a background thread, the connector map was not earlier properly cleaned afterwards. If you toggled visibility of a component from the background thread, the tracker state became inconsistent.
|   If this becomes a performance problem, it could probably be optimized so that cleanup is done in request end and only at the end of access if not inside a request.
|   Backported from master
|   Fixes #9693
* Allow changing NavigationStateManager (#9416) | apolds | 2017-05-24 | 1 | -0/+4
|   Unregister old NavigationStateManager before setting new one (backport of #9410).
|   Fixes #9406
* Remove warning for shortcuts on disabled connector (#9369) | Olli Tietäväinen | 2017-05-19 | 1 | -3/+0
|   Remove unnecessary warning on server log when using shortcut on disabled connector.
|   Fixes #6951
* Clean connector tracker after each access block to stop memory leaks (#9331) | Artur | 2017-05-17 | 6 | -25/+137
|   Immediately clean connectors which the client side does not know about
|   Fixes #9303
* Fix bug column and row expand ratio are not persisted | Tien Nguyen | 2017-04-06 | 2 | -14/+31
|   Fixes #9009
* Include charset in text/html responses (#8777) | Artur | 2017-03-09 | 4 | -6/+11
|   Fixes #8775
* Correctly detach header/footer components when column is removed (#8645) | Artur | 2017-03-09 | 2 | -2/+98
|   * Correctly detach header/footer components when column is removed
|     Fixes #8638
|   * Merge branch '7.7' into _detach-header-components-on-remove-column
|   * Merge branch '7.7' into _detach-header-components-on-remove-column
|   * Merge branch '7.7' into _detach-header-components-on-remove-column
* Handle unknown connectors consistently and quietly as described in #8111 (#8741) | Artur | 2017-03-07 | 2 | -6/+63
|   Fixes #8629
* Remove unnecessary full classnames and parenthesis from code (#8681) | Teemu Suo-Anttila | 2017-03-02 | 69 | -1237/+385
|   This change aims to reduce the number of false positives when comparing Vaadin 7 compatibility package in Vaadin 8 and actual Vaadin 7.7 branch. Conflicting parts are moved to imports as much as possible. Files have been formatted with same Eclipse version.
* Update missing since tags for 7.7.7 (#8474) [7.7.7] | Pekka Hyvönen | 2017-02-07 | 5 | -1/+9
|   * Add missing since tags for 7.7.7
* Call "destroy" instead of "destory" in JavaScriptRenders (#8263) | Artur | 2017-02-01 | 1 | -1/+1
|   * Call "destroy" instead of "destory" in JavaScriptRenders
|     For backwards compatibility, calls "destory" if no "destroy" exists
|     Fixes #8162
|   * Merge branch '7.7' into _js-renderer-destory
|   * Merge branch '7.7' into _js-renderer-destory
|   * Merge branch '7.7' into _js-renderer-destory
|   * Merge branch '7.7' into _js-renderer-destory
|   * Merge branch '7.7' into _js-renderer-destory
* Add method for refreshing all Grid rows (#8406) | Artur | 2017-02-01 | 1 | -0/+7
|   * Add method for refreshing all Grid rows
|     Fixes #8350
* Make it possible to disallow user selection in Grid (#8144) | Artur | 2017-01-30 | 4 | -18/+282
|   Fixes #7880