Permalink
Switch branches/tags
Commits on Jan 24, 2016
  1. Changing ajaxAddMetaFunc from a var to a val now that it is a Factory…

    joescii committed Jan 24, 2016
    …Maker. Also changing ajaxRetryInOrderReceived to be a FactoryMaker as it both avoids a var, and can be sensitive to state such as the current request
  2. Adding ability to subscribe to server communication notifications wit…

    joescii committed Jan 24, 2016
    …h addAjaxOnCommFailure, addAjaxOnCommSuccess, addCometOnCommFailure, and addCometOnCommSuccess
Commits on Jan 18, 2016
  1. Merge pull request #1754 from lift/relax-max

    Shadowfiend committed Jan 18, 2016
    Relax Max: Make Content-Security-Policy report-only in production
    
    This is done so that transition to Lift 3.0.0 will be less bumpy. Also
    added a spec for SecurityRules, although it doesn't quite cover
    everything.
  2. Fix date in copyright header.

    Shadowfiend committed Jan 18, 2016
Commits on Jan 12, 2016
  1. Add tests for SecurityRules.

    Shadowfiend committed Jan 12, 2016
    These are not comprehensive yet, but better than nothing!
  2. Turn off prod Content-Security-Policy enforcement by default.

    Shadowfiend committed Jan 12, 2016
    We introduce flags to toggle CSP enforcement in modes other than dev, and
    default to false. This is to smooth transition to Lift 3.0.0 as discussed on
    the mailing list; 3.1.0 will shift to the final secure default of enforcing in
    production.
    
    Additionally, in the process, we rework where we do mode checking---we now
    check the run mode in SecurityRules and pass the category-specific header
    generators final information about whether enforcement and logging are enabled.
Commits on Jan 9, 2016
  1. Merge pull request #1725 from lift/msf_issue_526

    farmdawgnation committed Jan 9, 2016
    Cleanup JS related deprecations.
Commits on Dec 31, 2015
  1. Merge pull request #1748 from lift/tcn_issue_1745b

    Shadowfiend committed Dec 31, 2015
    Add 'X-Requested-With' header to liftVanilla
    
    liftVanilla was hand-rolled for folks who didn't want to pull in
    jQuery, and implements only the subset of JS operations that
    Lift needs for its AJAX and comet features. However, when we
    implemented it we forgot to set the X-Requested-With HTTP
    header during AJAX requests. Amongst other things, this means
    that Req's `ajax_?` check did not succeed on AJAX requests
    initiated by liftVanilla.
    
    We fix that now so that liftVanilla does set that header. We've
    also added a rudimentary JS testing framework that, amongst
    other things verifies that this header is set.
  2. Fixed merge conflict

    eltimn committed Dec 31, 2015
Commits on Dec 30, 2015
  1. Merge pull request #1750 from lift/tcn_issue_1695

    Shadowfiend committed Dec 30, 2015
    Use S.originalRequest in Menu snippet
    
    The Menu snippet checks the request to determine which
    item to highlight as “current”. Because we were using S.request,
    rendering the current menu item during an AJAX request would
    not work (as S.request is the AJAX request, not the original page
    request associated with the AJAX request). Fortunately, we can
    access the original page request via originalRequest, and we
    now use that to determine the current menu item.
  2. Better .jshintrc

    eltimn committed Dec 30, 2015
  3. Added formatting to LiftRules.htmlProperties comment

    eltimn committed Dec 30, 2015
  4. Added .jshintrc file

    eltimn committed Dec 30, 2015
  5. Fixed merge conflict

    eltimn committed Dec 30, 2015
Commits on Dec 29, 2015
  1. Merge pull request #1749 from lift/tcn_issue_1747

    Shadowfiend committed Dec 29, 2015
    Upgrade mongo-java-driver to v2.14.0
    
    We can't upgrade to the 3 series until we remove a few
    functions, which I've deprecated in this commit. This version
    is compatible with the latest server versions, so it should be
    sufficient for a while longer.
Commits on Dec 28, 2015
  1. Run webapptests last

    eltimn committed Dec 28, 2015
  2. Fix double equals in lift.js

    eltimn committed Dec 28, 2015
  3. Updated MongoDB.useSession deprecation message.

    eltimn committed Dec 28, 2015
Commits on Dec 26, 2015
  1. Use S.originalRequest in Menu snippet

    eltimn committed Dec 26, 2015
  2. Upgrade mongo-java-driver to v2.14.0

    eltimn committed Dec 26, 2015
  3. Add 'X-Requested-With' header to liftVanilla

    eltimn committed Dec 15, 2015
Commits on Dec 14, 2015
  1. Merge pull request #1744 from lift/has-pwn-property

    Shadowfiend committed Dec 14, 2015
    Has Pwn Property: Fix hasOwnProperty use in IE.
    
    There was code that referenced a nonexistent hasOwnProperty variable, which we
    now introduce, and we change the one other usage of hasOwnProperty to also use
    this variable. This should generally be IE-safe---the core issue is that IE 8
    does not have hasOwnProperty on native objects like Array, which can cause
    things to go boom boom.
  2. Merge pull request #1742 from lift/ppe_move_inlineJs

    Shadowfiend committed Dec 14, 2015
    Deprecate FocusOnLoad and use lift's page script file for focusing.
    
    While working on the lift_30_sbt lift_basic template I noticed that the
    ProtoUser controlled login page added a in-line element focus script
    via ProtoUser's use of the FocusOnLoad object. To avoid relaxing
    Lift 3's CSP rules by setting UnsafeInline for the script sources in
    lift_basic a change to the FocusOnLoad object was needed.
Commits on Dec 12, 2015
  1. Adjusting the login bindings.

    karma4u101 committed Dec 12, 2015
  2. Merge pull request #1741 from lift/well-rested-futures

    farmdawgnation committed Dec 12, 2015
    RestHelper has long supported returning an LAFuture as the result of
    a RestHelper block and auto-wrapped those in RestHelper.async so
    they're dealt with via continuation, much like comet responses. This PR
    extends RestHelper to support the same functionality for Scala Futures,
    thus rounding out our dual support for Scala and Lift futures both here and
    in snippet bindings.
  3. A missing paren is what you get when you don't test >_>

    Shadowfiend committed Dec 12, 2015
  4. Drop complete_? checks in CanResolveAsyncSpecs.

    Shadowfiend committed Dec 12, 2015
    We were using that to fail if the spec hadn't sastified its
    result future with the value received from the async resolution,
    but it looks like those satisfactions happen async, so we can't
    be sure that the future will be immediately complete once we
    hit that line of code. Instead we just let `get` block until we get
    the proper resolution, which should still be very quick.
  5. Fix hasOwnProperty use in IE.

    Shadowfiend committed Dec 12, 2015
    There was code that referenced a nonexistent hasOwnProperty variable, which we
    now introduce, and we change the one other usage of hasOwnProperty to also use
    this variable. This should generally be IE-safe---the core issue is that IE 8
    does not have hasOwnProperty on native objects like Array, which can cause
    things to go boom boom.
  6. Clarify RestHelperSpec for CanResolveAsync.

    Shadowfiend committed Dec 12, 2015
    We test it with an LAFuture, but the point is any CanResolveAsync will do.
Commits on Dec 11, 2015
  1. Fixing deprecation notice.

    karma4u101 committed Dec 11, 2015