- Remove starter-browser-policy and replace it with
BrowserPolicy.enableContentSecurityPolicy(), which gives you the starter
policy and allows you to use the other BrowserPolicy functions to configure
it. This is motivated by the fact that the API isn't very intuitive without a
well-defined starting policy. ex: if the package starts off without a policy,
and then the user calls allowAllContentSameOrigin(), that will result in
turning off inline scripts, which is probably not what they wanted.
- AllContent functions do more of what you'd expect now;
i.e. BrowserPolicy.disallowAllContent() actually disallows all content,
instead of setting default-src to 'none', which will allow other types of
content that have previously had srcs set for them.
- Add some tests
This code depends on PR 680. In addition, the docs include a link to
the proposed AppCache wiki page.
Adds the appcache smart package and associated documentation.
QA notes are in packages/appcache/QA.md (Is this a good place to put
them?)
Note that sub.stop() is now handled by the client (it removes the record of the
subscription) but there is no way for an app to observe this. (I expect we'll
use sub.stop() in implementing "fetch" in the Mongo connector.)
Instead of a general client-side sub de-duping mechanism (which mostly existed
for the sake of autosubscribe, and causes issues with server-driven
unsubscribes), make Meteor.subscribe explicitly aware of reactivity.
Expose an "invalidated" flag on Meteor.deps.Context.
Guarantee that invalidation callbacks from different contexts will not be
interleaved at flush time. This has the implication that if you do
context1.onInvalidate(function () {
context2.invalidate();
});
and this is the only way to invalidate context2, then context2's invalidation
callbacks will not be called until after *ALL* of context1's callbacks are
called. This allows us to be sure that the "unsubscribe, unless autorun tried to
re-create an identical sub" logic runs after the autorun function is rerun.
