diff --git a/meteor b/meteor
index 86f47df4e7..f9419c26db 100755
--- a/meteor
+++ b/meteor
@@ -113,17 +113,17 @@ fi
DEV_BUNDLE="$SCRIPT_DIR/dev_bundle"
METEOR="$SCRIPT_DIR/tools/index.js"
+# Set the nofile ulimit as high as permitted by the hard-limit/kernel
+if [ "$(ulimit -Sn)" != "unlimited" ]; then
+ if [ "$(uname -s)" = "Darwin" ]; then
+ maxfilesuse="$(sysctl -n kern.maxfilesperproc)"
+ else
+ maxfilesuse="$(ulimit -Hn)"
+ fi
-# Bump our file descriptor ulimit as high as it will go. This is a
-# temporary workaround for dependancy watching holding open too many
-# files: https://app.asana.com/0/364581412985/472479912325
-if [ "$(ulimit -n)" != "unlimited" ] ; then
- ulimit -n 16384 > /dev/null 2>&1 || \
- ulimit -n 8192 > /dev/null 2>&1 || \
- ulimit -n 4096 > /dev/null 2>&1 || \
- ulimit -n 2048 > /dev/null 2>&1 || \
- ulimit -n 1024 > /dev/null 2>&1 || \
- ulimit -n 512 > /dev/null 2>&1
+ if [ -n "${maxfilesuse}" ] && [ "${maxfilesuse}" != "unlimited" ]; then
+ ulimit -Sn ${maxfilesuse} > /dev/null 2>&1
+ fi
fi
# We used to set $NODE_PATH here to include the node_modules from the dev
diff --git a/packages/boilerplate-generator/boilerplate_web.cordova.html b/packages/boilerplate-generator/boilerplate_web.cordova.html
index 9c4f7fac4c..5cb90f70f9 100644
--- a/packages/boilerplate-generator/boilerplate_web.cordova.html
+++ b/packages/boilerplate-generator/boilerplate_web.cordova.html
@@ -4,7 +4,7 @@
-
+
{{! We are explicitly not using bundledJsCssUrlRewriteHook: in cordova we serve assets up directly from disk, so rewriting the URL does not make sense }}
diff --git a/packages/browser-policy-content/browser-policy-content.js b/packages/browser-policy-content/browser-policy-content.js
index 78738313e4..49fb21ff3a 100644
--- a/packages/browser-policy-content/browser-policy-content.js
+++ b/packages/browser-policy-content/browser-policy-content.js
@@ -102,19 +102,26 @@ var addSourceForDirective = function (directive, src) {
if (_.contains(_.values(keywords), src)) {
cspSrcs[directive].push(src);
} else {
- src = src.toLowerCase();
-
- // Trim trailing slashes.
- src = src.replace(/\/+$/, '');
-
var toAdd = [];
- // If there is no protocol, add both http:// and https://.
- if (! /^([a-z0-9.+-]+:)/.test(src)) {
- toAdd.push("http://" + src);
- toAdd.push("https://" + src);
+
+ //Only add single quotes to CSP2 script digests
+ if (/^(sha(256|384|512)-)/i.test(src)) {
+ toAdd.push("'" + src + "'");
} else {
- toAdd.push(src);
+ src = src.toLowerCase();
+
+ // Trim trailing slashes.
+ src = src.replace(/\/+$/, '');
+
+ // If there is no protocol, add both http:// and https://.
+ if (! /^([a-z0-9.+-]+:)/.test(src)) {
+ toAdd.push("http://" + src);
+ toAdd.push("https://" + src);
+ } else {
+ toAdd.push(src);
+ }
}
+
_.each(toAdd, function (s) {
cspSrcs[directive].push(s);
});
diff --git a/packages/mongo/collection.js b/packages/mongo/collection.js
index d28cf4bc05..8e7d505a99 100644
--- a/packages/mongo/collection.js
+++ b/packages/mongo/collection.js
@@ -704,7 +704,7 @@ Mongo.Collection.prototype._createCappedCollection = function (byteSize, maxDocu
};
/**
- * @summary Returns the [`Collection`](http://mongodb.github.io/node-mongodb-native/1.4/api-generated/collection.html) object corresponding to this collection from the [npm `mongodb` driver module](https://www.npmjs.com/package/mongodb) which is wrapped by `Mongo.Collection`.
+ * @summary Returns the [`Collection`](http://mongodb.github.io/node-mongodb-native/2.2/api/Collection.html) object corresponding to this collection from the [npm `mongodb` driver module](https://www.npmjs.com/package/mongodb) which is wrapped by `Mongo.Collection`.
* @locus Server
*/
Mongo.Collection.prototype.rawCollection = function () {
@@ -716,7 +716,7 @@ Mongo.Collection.prototype.rawCollection = function () {
};
/**
- * @summary Returns the [`Db`](http://mongodb.github.io/node-mongodb-native/1.4/api-generated/db.html) object corresponding to this collection's database connection from the [npm `mongodb` driver module](https://www.npmjs.com/package/mongodb) which is wrapped by `Mongo.Collection`.
+ * @summary Returns the [`Db`](http://mongodb.github.io/node-mongodb-native/2.2/api/Db.html) object corresponding to this collection's database connection from the [npm `mongodb` driver module](https://www.npmjs.com/package/mongodb) which is wrapped by `Mongo.Collection`.
* @locus Server
*/
Mongo.Collection.prototype.rawDatabase = function () {
diff --git a/packages/mongo/connection_options.js b/packages/mongo/connection_options.js
index c061513e0f..a5e746c4ca 100644
--- a/packages/mongo/connection_options.js
+++ b/packages/mongo/connection_options.js
@@ -1,6 +1,6 @@
/**
* @summary Allows for user specified connection options
- * @example http://mongodb.github.io/node-mongodb-native/2.1/reference/connecting/connection-settings/
+ * @example http://mongodb.github.io/node-mongodb-native/2.2/reference/connecting/connection-settings/
* @locus Server
* @param {Object} options User specified Mongo connection options
*/
diff --git a/packages/oauth1/oauth1_server.js b/packages/oauth1/oauth1_server.js
index 2d4794c7be..8aee39fce5 100644
--- a/packages/oauth1/oauth1_server.js
+++ b/packages/oauth1/oauth1_server.js
@@ -1,5 +1,26 @@
var url = Npm.require("url");
+OAuth._queryParamsWithAuthTokenUrl = function (authUrl, oauthBinding, params, whitelistedQueryParams) {
+ params = params || {};
+ var redirectUrlObj = url.parse(authUrl, true);
+
+ _.extend(
+ redirectUrlObj.query,
+ _.pick(params.query, whitelistedQueryParams),
+ {
+ oauth_token: oauthBinding.requestToken,
+ }
+ );
+
+ // Clear the `search` so it is rebuilt by Node's `url` from the `query` above.
+ // Using previous versions of the Node `url` module, this was just set to ""
+ // However, Node 6 docs seem to indicate that this should be `undefined`.
+ delete redirectUrlObj.search;
+
+ // Reconstruct the URL back with provided query parameters merged with oauth_token
+ return url.format(redirectUrlObj);
+};
+
// connect middleware
OAuth._requestHandlers['1'] = function (service, query, res) {
var config = ServiceConfiguration.configurations.findOne({service: service.serviceName});
@@ -30,19 +51,19 @@ OAuth._requestHandlers['1'] = function (service, query, res) {
oauthBinding.requestTokenSecret);
// support for scope/name parameters
- var redirectUrl = undefined;
+ var redirectUrl;
+ var authParams = {
+ query: query
+ };
+
if(typeof urls.authenticate === "function") {
- redirectUrl = urls.authenticate(oauthBinding, {
- query: query
- });
+ redirectUrl = urls.authenticate(oauthBinding, authParams);
} else {
- // Parse the URL to support additional query parameters in urls.authenticate
- var redirectUrlObj = url.parse(urls.authenticate, true);
- redirectUrlObj.query = redirectUrlObj.query || {};
- redirectUrlObj.query.oauth_token = oauthBinding.requestToken;
- redirectUrlObj.search = '';
- // Reconstruct the URL back with provided query parameters merged with oauth_token
- redirectUrl = url.format(redirectUrlObj);
+ redirectUrl = OAuth._queryParamsWithAuthTokenUrl(
+ urls.authenticate,
+ oauthBinding,
+ authParams
+ );
}
// redirect to provider login, which will redirect back to "step 2" below
diff --git a/packages/twitter/package.js b/packages/twitter/package.js
index c44b5fdd74..e790c4e12f 100644
--- a/packages/twitter/package.js
+++ b/packages/twitter/package.js
@@ -18,6 +18,8 @@ Package.onUse(function(api) {
['twitter_configure.html', 'twitter_configure.js'],
'client');
+ api.addFiles('twitter_common.js', ['server', 'client']);
+
api.addFiles('twitter_server.js', 'server');
api.addFiles('twitter_client.js', 'client');
});
diff --git a/packages/twitter/twitter_client.js b/packages/twitter/twitter_client.js
index be8e64bd9c..b42e775364 100644
--- a/packages/twitter/twitter_client.js
+++ b/packages/twitter/twitter_client.js
@@ -1,5 +1,3 @@
-Twitter = {};
-
// Request Twitter credentials for the user
// @param options {optional} XXX support options.requestPermissions
// @param credentialRequestCompleteCallback {Function} Callback function to call on
@@ -38,9 +36,14 @@ Twitter.requestCredential = function (options, credentialRequestCompleteCallback
}
}
- // Handle force login (request the user to enter their credentials)
- if (options && options.force_login) {
- loginPath += "&force_login=true";
+ // Support additional, permitted parameters
+ if (options) {
+ var hasOwn = Object.prototype.hasOwnProperty;
+ Twitter.validParamsAuthenticate.forEach(function (param) {
+ if (hasOwn.call(options, param)) {
+ loginPath += "&" + param + "=" + encodeURIComponent(options[param]);
+ }
+ });
}
var loginUrl = Meteor.absoluteUrl(loginPath);
diff --git a/packages/twitter/twitter_common.js b/packages/twitter/twitter_common.js
new file mode 100644
index 0000000000..6d6d79e177
--- /dev/null
+++ b/packages/twitter/twitter_common.js
@@ -0,0 +1,6 @@
+Twitter = {};
+
+Twitter.validParamsAuthenticate = [
+ 'force_login',
+ 'screen_name'
+];
diff --git a/packages/twitter/twitter_server.js b/packages/twitter/twitter_server.js
index efbb6e88a3..d597f0db1e 100644
--- a/packages/twitter/twitter_server.js
+++ b/packages/twitter/twitter_server.js
@@ -1,13 +1,17 @@
-Twitter = {};
-
var urls = {
requestToken: "https://api.twitter.com/oauth/request_token",
authorize: "https://api.twitter.com/oauth/authorize",
accessToken: "https://api.twitter.com/oauth/access_token",
- authenticate: "https://api.twitter.com/oauth/authenticate"
+ authenticate: function (oauthBinding, params) {
+ return OAuth._queryParamsWithAuthTokenUrl(
+ "https://api.twitter.com/oauth/authenticate",
+ oauthBinding,
+ params,
+ Twitter.validParamsAuthenticate
+ );
+ }
};
-
// https://dev.twitter.com/docs/api/1.1/get/account/verify_credentials
Twitter.whitelistedFields = ['profile_image_url', 'profile_image_url_https', 'lang', 'email'];