This included removing some internal version constraints. It would be
nice if package A could say "use B@2.0.0" (when both have changed), but
when they're both in the release, we need to make a release that has a
B@2.0.0-rc in it, which doesn't match that constraint. Fortunately,
constraints aren't necessary within a release anyway.
In 5.0.0 Cordova now requires a whitelist plugin for allowing access to external resources.
For now the dependency is for the legacy-whitelist plugin due to meteor currently using
the older <access> tags.. see https://github.com/apache/cordova-plugin-whitelist
Fixes#3730.
Testing Done:
Manual testing based on the report in #3730. Also confirmed that `</script>` is not a problem.
I would have added a test-packages test but there's no easy way to override Meteor.settings in test-packages.
Bugs closed: 3730
Reviewed at https://rbcommons.com/s/meteor/r/1/
A merge of the windows-cordova branch did not increment the version numbers
of some packages before adding pre-release versions. This causes constraint
solver errors, when, for example, trying to build a release from devel. This
change should fix the most obvious candidates.
Also remove SIGHUP handler. This was designed for a legacy system, and
SIGHUP would be a better fit for what autoupdate currently uses SIGUSR2
for. This includes removing some code in the ddp server to close
sockets on SIGHUP.
This commit moves parent pid process from the webapp package to the boot
script. This means that daemonized apps without webapp will also exit
when the runner exits, if run from the runner. (For example, several
self-tests such as 'autoupdate' no longer leak node processes.) This is
controlled via the $METEOR_PARENT_PID environment variable instead of
from command line arguments, in order to make fewer assumptions about
how Meteor apps process arguments.
This also drops the old --keepalive support (which already has stopped
being used by the dev mode runner or any MDG deployment platforms).
Neither --parent-pid nor --keepalive were documented beforehand, and
--keepalive was already deprecated before 1.0.
These flags used to also incidentally trigger printing the LISTENING
line; this is now controlled by $METEOR_PRINT_ON_LISTEN.
Fixes#3315.
Cordova serves assets directly from the device so it doesn’t make sense to hit the CDN for them. Besides it causes issues because they are served from /__cordova (on the real webserver) anyway.
If we use `__meteor_runtime_config__.ROOT_URL` directly, as we were
previously, then we end up sending Cordova clients to http:// URLs even
if force-ssl is being used in the app. This is fairly bad on its own
(always sending cordova clients to http:// URLs instead of https://),
but made even worse by the fact that we don't set CORS headers on
force-ssl redirects (that is, the app breaks completely if the client
makes a DDP connection to an http:// URL for a force-ssl app).
If we use `__meteor_runtime_config__.ROOT_URL` directly, as we were
previously, then we end up sending Cordova clients to http:// URLs even
if force-ssl is being used in the app. This is fairly bad on its own
(always sending cordova clients to http:// URLs instead of https://),
but made even worse by the fact that we don't set CORS headers on
force-ssl redirects (that is, the app breaks completely if the client
makes a DDP connection to an http:// URL for a force-ssl app).
So far I have only removed files from packages that are included by
default in newly `meteor create`d projects. We should probably make a pass
over all the core packages, too.
