When downloading files during a Cordova hot code push, we need to
detect if a file is not available instead of inadvertently downloading
the default index page.
If we serve files with a Last-Modified based on the file date, this
interferes with content-based cache validation using ETag because
clients are required to take both into account.
We previously served non-cacheable files with a max-age of a day. This was done
to avoid image flickering on page reload (see #773).
As far as I can tell, image flickering still occurs because `location.reload`
always forces validation. But switching to `location.replace` means that max-age
will actually be respected, and we don't want to cache these assets for a day
because then changes would not be visible on reloads.
If a cached version of an asset is still fresh (depending on the `max-age`), there
is no need to send even a conditional request. Because `location.reload()` for
some reason does force validation, it makes sense to use `location.replace` instead
and improve reloading performance by avoiding unnecessary requests.
Previously, the ETag header was set (by `send`) to a default value based on the
inode of the file. Using the asset hash instead allows for proper conditional
requests even after redeployments.
To take advantage of content-based caching, we also have to disable the
Last-Modified header because having this set to the file date would still make
requests conditional on the most recent deployment. This requires updating the
send dependency and is done in a separate commit.
Fixes#626.
This commit allows middleware to set the status code of the http response. This will allow a server-side router to return, for example, a '404 Not Found' response. This has SEO benefits because currently search engines may index example.org/page-that-doesn't-exist because Meteor returns a 200 OK code and the normal boilerplate response body. With a proper 404 status we can still return the boilerplate to render a client side 404 template but search engines won't index the page. Instead of a hardcoded 200 response, we call res.writeHead with res.statusCode, and fallback to the default 200 code if it has not been set.
Explain a recent change to CS.Input.isEqual that eliminated a very
costly set of SQLite queries against the local package catalog cache
on every app rebuild.
Fixes#5621
While originally based on https://github.com/meteor/meteor/pull/5622, this commit has been modified by @martijnwalraven. In particular, I've cleaned up some of the test code to get rid of email variables shared between tests, and have made sure `forgotPassword` respects the passed in email and doesn't just use the first address in the user's `emails` list. Also, `Accounts.sendResetPasswordEmail` continues to expect a case sensitive email address (as do similar server functions).
* Minor code reorg/cleanup
* Do "fast pass without EJSON.clone" for updates with selector
{_id: {$in: [...]}}
* Add an assertion that observes with skip/limit are always
ordered (if this blows up we'll find out in the next RC)
Technically, this is a "breaking change" since code that is loaded
on client and server will now throw an error when calling DDPRateLimiter,
but the API didn't do anything on the client anyway so it's probably
more like a bug fix.
Add a bundledJsCssUrlRewriteHook function, which takes in a function and applies it
to the URL. Do not allow this on Cordova (handle that by just not calling it on Cordova).
Reimplement the bundledJsCssPrefix as a call to this function.
