Have `OAuthEncryption.open` throw "decryption unsuccessful" on any
error to avoid allowing an attacker to break the encryption key by
observing the result of sending manipulated ciphertexts.
Add oauth-encryption and the oauthSecretKey config options to the docs
page.
Update history.
More documentation on functions.
Use `OAuth.sealSecret(...)` instead of `{seal: ...}`.
Rename OAuth._openSecret(s) to OAuth.openSecret(s).
In the readme describing how to generate a key, just use Node instead
of going through the hassle of creating a Meteor application.
Have the `oauth` package weakly depend on `oauth-encryption` for when
it's being used without accounts.
Add tips on using oauth-encryption without accounts to the readme.
- Remove starter-browser-policy and replace it with
BrowserPolicy.enableContentSecurityPolicy(), which gives you the starter
policy and allows you to use the other BrowserPolicy functions to configure
it. This is motivated by the fact that the API isn't very intuitive without a
well-defined starting policy. ex: if the package starts off without a policy,
and then the user calls allowAllContentSameOrigin(), that will result in
turning off inline scripts, which is probably not what they wanted.
- AllContent functions do more of what you'd expect now;
i.e. BrowserPolicy.disallowAllContent() actually disallows all content,
instead of setting default-src to 'none', which will allow other types of
content that have previously had srcs set for them.
- Add some tests
This code depends on PR 680. In addition, the docs include a link to
the proposed AppCache wiki page.
Adds the appcache smart package and associated documentation.
QA notes are in packages/appcache/QA.md (Is this a good place to put
them?)
Meteor's sass package wraps the "sass" NPM module, which implements a version of
the Sass language much older than the .sass described at sass-lang.com (and
doesn't implement the current recommended .scss language at all). It also has
poor error handling, so it mostly just ends up confusing users.
The module is unmaintained, and its author now uses stylus/nib (which Meteor
supports: see the stylus package).
If many users want Sass support, we could add this back in wrapping the
"node-sass" package instead (which supports a more recent version of the Sass
language), but for now, just remove it. Meteor still supports Stylus and Less
out of the box.
Fixes#143.
