When downloading files during a Cordova hot code push, we need to
detect if a file is not available instead of inadvertently downloading
the default index page.
If we serve files with a Last-Modified based on the file date, this
interferes with content-based cache validation using ETag because
clients are required to take both into account.
We previously served non-cacheable files with a max-age of a day. This was done
to avoid image flickering on page reload (see #773).
As far as I can tell, image flickering still occurs because `location.reload`
always forces validation. But switching to `location.replace` means that max-age
will actually be respected, and we don't want to cache these assets for a day
because then changes would not be visible on reloads.
Previously, the ETag header was set (by `send`) to a default value based on the
inode of the file. Using the asset hash instead allows for proper conditional
requests even after redeployments.
To take advantage of content-based caching, we also have to disable the
Last-Modified header because having this set to the file date would still make
requests conditional on the most recent deployment. This requires updating the
send dependency and is done in a separate commit.
Fixes#626.
This commit allows middleware to set the status code of the http response. This will allow a server-side router to return, for example, a '404 Not Found' response. This has SEO benefits because currently search engines may index example.org/page-that-doesn't-exist because Meteor returns a 200 OK code and the normal boilerplate response body. With a proper 404 status we can still return the boilerplate to render a client side 404 template but search engines won't index the page. Instead of a hardcoded 200 response, we call res.writeHead with res.statusCode, and fallback to the default 200 code if it has not been set.
Add a bundledJsCssUrlRewriteHook function, which takes in a function and applies it
to the URL. Do not allow this on Cordova (handle that by just not calling it on Cordova).
Reimplement the bundledJsCssPrefix as a call to this function.
Tried to get everything to an rc.0 of the very latest version,
which required some research in some cases about the published
versions. For example, some packages had version histories like:
```
...
1.0.3-winr.2 January 20th, 2015
1.0.3-winr.3 February 24th, 2015 installed
1.0.3 March 17th, 2015 installed
1.0.4-anubhav.0 August 6th, 2015
1.0.4-plugins.0 July 22nd, 2015
1.0.5-galaxy.0 July 17th, 2015
```
In this case, I would bump the version from `1.0.4-plugins.0`
to `1.0.5-rc.0`, skipping `1.0.4`.
This included removing some internal version constraints. It would be
nice if package A could say "use B@2.0.0" (when both have changed), but
when they're both in the release, we need to make a release that has a
B@2.0.0-rc in it, which doesn't match that constraint. Fortunately,
constraints aren't necessary within a release anyway.
In 5.0.0 Cordova now requires a whitelist plugin for allowing access to external resources.
For now the dependency is for the legacy-whitelist plugin due to meteor currently using
the older <access> tags.. see https://github.com/apache/cordova-plugin-whitelist
Fixes#3730.
Testing Done:
Manual testing based on the report in #3730. Also confirmed that `</script>` is not a problem.
I would have added a test-packages test but there's no easy way to override Meteor.settings in test-packages.
Bugs closed: 3730
Reviewed at https://rbcommons.com/s/meteor/r/1/
A merge of the windows-cordova branch did not increment the version numbers
of some packages before adding pre-release versions. This causes constraint
solver errors, when, for example, trying to build a release from devel. This
change should fix the most obvious candidates.
Also remove SIGHUP handler. This was designed for a legacy system, and
SIGHUP would be a better fit for what autoupdate currently uses SIGUSR2
for. This includes removing some code in the ddp server to close
sockets on SIGHUP.
