This timeout was designed for a very specific case (hit stop during a
hot code push, come back to the page later and you don't expect your
session state to still be there), but it's not clear what length of time
is right for that, nor whether it's even what users expect (and if there
should be a timeout, it probably varies from package to package
depending on what type of data the package is storing in sessionStorage
-- e.g. for OAuth logins, 30 seconds is way too short of a timeout).
Fixes#2696.
This code was factored out a long time ago, but got duplicated by
accident in a merge conflict resolution (611298f).
Also lay some groundwork for a unit test.
Chrome is really strict; even (typeof sessionStorage) throws a
'SecurityError: Access is defined' when cookies & local storage
are blocked. Borrow the logic from history.js; it relies on
catching the exception.
This should fix a problem with reload-safetybelt for users with
Chrome in no-cookies mode.
Chrome is really strict; even (typeof sessionStorage) throws a
'SecurityError: Access is defined' when cookies & local storage
are blocked. Borrow the logic from history.js; it relies on
catching the exception.
This should fix a problem with reload-safetybelt for users with
Chrome in no-cookies mode.
UIWebView which aren't able to use the preferred "popup" login flow.
See the specs for details:
https://meteor.hackpad.com/OAuth-redirect-flow-spec-PeziTcaNPDPhttps://meteor.hackpad.com/OAuth-redirect-flow-part-II-vswwUKP4vXe
I extracted code to construct a URL from the `http` package into a new
`url` utility package. The new package has no public API, it simply
has the original URL construction functions that were in `http` and
makes them available to oauth.
Fixes the Meetup account login, as Meetup now requires using
"https://api.meetup.com/2/members" instead of
"https://secure.meetup.com/2/members".
The `?close` parameter for the redirect URI is now not needed or used.
For backwards compatibility the `?close` parameter is included if the
login service configuration doesn't include the `loginStyle` field
(indicating it was created using old code).
This package was always included in apps, and even if it was possible to remove,
there wasn't a compelling story about when users would remove and replace
it. Plus, not all backwards-compatibility code could even live in it (eg, field
names of objects), so it was incomplete. It also introduced odd load order
constraints.
Instead, we introduce two conventions for backwards-compatibility code:
- Special comments of the form "// XXX COMPAT WITH 0.6.4"
- When feasible, put backwards-compatibility code in a file called
"deprecated.js" in the relevant package.
This is documented at:
https://github.com/meteor/meteor/wiki/Meteor-Style-Guide#deprecated-code-and-backwards-compatibility
Additionally, removed some symbols that existed for backwards compatibility with
Meteor 0.4.0 (changes made 10 months ago): Meteor.is_client, Meteor.is_server,
and (in a method) this.is_simulation.
optional.
Motivation: now that we don't use "url" as a key in _LivedataConnection, it's
easier to turn it into a function (for MeteorWildcard support).
