Fixes#3730.
Testing Done:
Manual testing based on the report in #3730. Also confirmed that `</script>` is not a problem.
I would have added a test-packages test but there's no easy way to override Meteor.settings in test-packages.
Bugs closed: 3730
Reviewed at https://rbcommons.com/s/meteor/r/1/
Also remove SIGHUP handler. This was designed for a legacy system, and
SIGHUP would be a better fit for what autoupdate currently uses SIGUSR2
for. This includes removing some code in the ddp server to close
sockets on SIGHUP.
This commit moves parent pid process from the webapp package to the boot
script. This means that daemonized apps without webapp will also exit
when the runner exits, if run from the runner. (For example, several
self-tests such as 'autoupdate' no longer leak node processes.) This is
controlled via the $METEOR_PARENT_PID environment variable instead of
from command line arguments, in order to make fewer assumptions about
how Meteor apps process arguments.
This also drops the old --keepalive support (which already has stopped
being used by the dev mode runner or any MDG deployment platforms).
Neither --parent-pid nor --keepalive were documented beforehand, and
--keepalive was already deprecated before 1.0.
These flags used to also incidentally trigger printing the LISTENING
line; this is now controlled by $METEOR_PRINT_ON_LISTEN.
Fixes#3315.
Cordova serves assets directly from the device so it doesn’t make sense to hit the CDN for them. Besides it causes issues because they are served from /__cordova (on the real webserver) anyway.
If we use `__meteor_runtime_config__.ROOT_URL` directly, as we were
previously, then we end up sending Cordova clients to http:// URLs even
if force-ssl is being used in the app. This is fairly bad on its own
(always sending cordova clients to http:// URLs instead of https://),
but made even worse by the fact that we don't set CORS headers on
force-ssl redirects (that is, the app breaks completely if the client
makes a DDP connection to an http:// URL for a force-ssl app).
The server sends hot code push updates to mobile clients with ROOT_URL
and DDP_DEFAULT_CONNECTION_URL taken from the MOBILE_ROOT_URL and
MOBILE_DDP_URL environment variables. These are set by the main meteor
process when it starts the app runner.
When you set ROOT_URL_PATH_PREFIX, source maps are not found because the server serves them at a different path from where the client looks for them.
I don’t understand this code super well, but based on what’s reported in issue #2627, the new code seems strictly more correct than the old code.
Parse as decimal (which means you can't specify --parent-pid in hex,
that's fine). And convert back to string to check that the whole string
was parsed as an int (i.e. "123foobar" should not be converted to
"123").
Thanks Slava and Avital.
If you pass "--parent-pid foobar", then we immediately log an error
message and exit. This check happens via `parseInt` rather than testing
for exceptions in `process.kill(parentPid, 0)` because `process.kill`
converts its pid argument to an integer, so `process.kill('foobar', 0)`
returns true just as `process.kill(0, 0)` does.
Downsides:
* Doesn't catch the case where the parent is CPU-hogging (but maybe we
don't want to catch that case anyway, since the bundler not yielding
is what's causing #2536).
* Could be fooled by pid re-use, i.e. if another process comes up and
takes the parent process's place before the child process dies.
Untested so far because I haven't been able to actually kill a parent
process in such a way that the child stays alive.
We were not passing html attributes through to the Boilerplate object,
so appcache manifest was never showing up in the <html> tag. Add
'extraData' to `Boilerplate.toHTML` so that we can specify the html
attributes at request time.
Cordova projects often have a different set of files than web targets,
so we would like to be able to target different client architectures in
our bundles. Ideally, we allow the user to use arbitrary client
architectures - but this patch is a step in the right direction by
abstracting out more of the hard coded "browser"/"os" lines.
We accomplish this separation in a backwards compatible way by allowing
api.___ commands to target a "client" architecture. For example,
api.addFiles('a.js', 'client') adds 'a.js' to both the 'client.browser'
and 'client.cordova' targets.
Effects on 0.9 packaging stuff: packages don't have to change, but the
"data.json" file in ".meteor0" has "browser" in some places. We think we
have to fix the troposphere code where this data.json is created.
Some plugins will also be backwards-incompatible with this change, since
many have a "clientArch.matches("browser")" line in the plugin
code. Ideally, we fix plugins so that this stops being an issue, but for
now package authors can just patch that line.
At the compiled (unipackage) level the new names are 'web.browser' and
'web.cordova', replacing 'browser'. In package.js, the new names are
'client.browser' and 'client.cordova', serving as an adjunct to 'client'.
