Gregory Szorc <gregory.szorc@gmail.com> [Wed, 02 May 2018 19:16:01 -0700] rev 37829
paper: don't register click handlers with inline javascript (issue5812)
The use of inline href="javascript:" undermines CSP policies that
don't allow inline javascript.
This commit changes the registering of the diffstat and line wrapping
toggle handlers to the the global DOMContentLoaded handler, thus
eliminating all inline javascript from the paper template.
Differential Revision: https://phab.mercurial-scm.org/D3437
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 Apr 2018 17:28:59 -0700] rev 37828
hgweb: allow Content-Security-Policy header on 304 responses (issue5844)
A side-effect of 98baf8dea553 was that the Content-Security-Policy
header was set on all HTTP responses by default. This header wasn't
in our list of allowed headers for HTTP 304 responses. This would
trigger a ProgrammingError when a 304 response was issued via hgwebdir.
This commit adds Content-Security-Policy to the allow list of headers
for 304 responses so we no longer encounter the error.
Differential Revision: https://phab.mercurial-scm.org/D3436
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 Apr 2018 17:22:20 -0700] rev 37827
hgweb: discard Content-Type header for 304 responses (issue5844)
A side-effect of 98baf8dea553 was that hgwebdir always sets a global
default for the Content-Type header. HTTP 304 responses don't allow
the Content-Type header. So a side-effect of this change was that
HTTP 304 responses served via hgwebdir resulted in a ProgrammingError
being raised.
This commit teaches our 304 response issuing code to drop the
Content-Type header.
Differential Revision: https://phab.mercurial-scm.org/D3435
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 30 Apr 2018 17:08:56 -0700] rev 37826
tests: add tests demonstrating ISE for HTTP 304 responses with hgwebdir
There are two separate failures here. One for the Content-Type header.
Another for the Content-Security-Policy header.
Differential Revision: https://phab.mercurial-scm.org/D3434
Gregory Szorc <gregory.szorc@gmail.com> [Fri, 27 Apr 2018 14:51:02 -0700] rev 37825
hgweb: guard against empty Content-Length header
Discussion in issue 5860 seems to indicate this can occur.
Differential Revision: https://phab.mercurial-scm.org/D3432
Yuya Nishihara <yuya@tcha.org> [Thu, 26 Apr 2018 21:10:56 +0900] rev 37824
test-push-http: do not clear pid file
It's okay now, but we'll end up leaking daemon processes if we add some
more.
Yuya Nishihara <yuya@tcha.org> [Thu, 26 Apr 2018 21:24:13 +0900] rev 37823
debugcolor: fix crash by empty styles (issue5856)
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 Apr 2018 14:51:20 -0700] rev 37822
tests: explicitly define compression engines for tests
The zstd compression engine requires C extensions and isn't present
in pure Python builds.
The compression engine list leaks into the server capabilities string.
Unless we're testing functionality specific to a compression format,
the set of compression formats supported by a server doesn't matter
much.
So this commit explicitly defines the server's compression engines for
some tests so behavior is consistent between pure and non-pure builds.
Differential Revision: https://phab.mercurial-scm.org/D3431
Augie Fackler <augie@google.com> [Wed, 25 Apr 2018 13:18:51 -0400] rev 37821
tests: update no-zstd branch of test-treediscovery.t as in 330ada7e8ea5
This side of the test got overlooked. We should probably consider
having a way to run some of our tests through a "no-zstd" case just
like we run some things through a "no-obsmarkers" case, but that's not
an appropriate thing for stable.
Differential Revision: https://phab.mercurial-scm.org/D3430
Augie Fackler <augie@google.com> [Wed, 25 Apr 2018 13:13:42 -0400] rev 37820
tests: glob away content-length changes relating to missing zstd bindings
This doesn't fix everything in these two tests around missing zstd: we
still get some changes in the CBOR payload in ways that I think we
probably shouldn't bother to glob around. Maybe we should just disable
zstd support in some of these lower-level wireproto tests?
Differential Revision: https://phab.mercurial-scm.org/D3429