Commit Graph

247 Commits

Author SHA1 Message Date
Dan Hensby
625e6d5f54
Merge branch '4.0' into 4.1 2019-03-06 11:00:41 +00:00
Daniel Hensby
7416ce275b
FIX doInit comparison should be lowercased 2019-03-05 19:01:12 +00:00
Maxime Rainville
8ec9c50c58 DOCS Correct documentation for ExecMetricMiddleware 2019-01-30 13:58:09 +13:00
Maxime Rainville
c4bf06f600 NEW Add new execmetric debug URL parameter to print out exection time and peak memory usage 2019-01-29 17:28:28 +13:00
Robbie Averill
d8cd085190 Merge branch '4.3' into 4 2019-01-24 17:14:09 +02:00
Simon Gow
c28670ebed #8724 - Session timeout regression
Only emit the session refresh cookie if the session timeout is set.
2019-01-18 10:07:53 +13:00
Simon Gow
af08328e8e Existing sessions need to set a new cookie on each request, if the
session exists, otherwise our expiry is never updated and sessions
can't roll on every request.
2019-01-17 17:37:35 +13:00
Maxime Rainville
1e01deea39 NEW Make resources dir configurable (#8519)
* NEW Make resources dir configurable.

* Removing reference to old `resources` and updating doc #8519

* Rrtarget to 4.4 release.

* DOC Reference SS_RESOURCES_DIR in Environment doc.

* API Add a Resources method to SilverStripe\Core\Manifest\Module to read the resources-dir from composer.json

* Clean up reference to SS_RESOURCES_DIR env var

* Set default resources-dir

* Update test to use RESOURCES_DIR const in expected resource url method

* Correcting typos

Co-Authored-By: maxime-rainville <maxime@rainville.me>

* MINOR Correctubg minor typos

* DOCS Document the intricacies of exposing static assets.
2019-01-09 15:35:45 +13:00
Robbie Averill
7c96feef37 Merge branch '4.3' into 4 2019-01-08 12:27:48 +01:00
Simon Gow
d01585cc98 #8543 Resolve Duplicate Headers
- fix linting
2018-12-19 12:39:32 +13:00
Simon Gow
1edfa4d956 #8543 Resolve Duplicate Headers
- Replace session name lookup with function to also check secure cookies
- Added timeout which defaults to 0 (same as PHP)
- Removed php7 style of session_start from PR
- moved session_start into headers sent block to prevent warnings.
2018-12-19 12:39:32 +13:00
Simon Gow
4eb6669c08 #8543 Resolve Duplicate Headers
Put cookie_lifetime back into the session parameters.
2018-12-19 12:39:32 +13:00
Simon Gow
2deb8f4176 Resolve Duplicate Headers
Ensure only a single Set-Cookie header is returned from Session once
we have data to save. Include backwards compatibility for PHP56
2018-12-19 12:39:32 +13:00
Maxime Rainville
7f6b80f87d Correct session doc typo 2018-12-14 13:01:22 +13:00
Guy Marriott
87b74b9cc1
Correcting Max's eggrigious typos
Co-Authored-By: maxime-rainville <maxime@rainville.me>
2018-12-13 13:50:35 +13:00
Maxime Rainville
6e214e2e8b DOCS Updating Session doc to reflect that you need to operation on an instance. 2018-12-13 11:05:49 +13:00
Guy Marriott
b2dd22fb50
Merge pull request #8506 from creative-commoners/pulls/4.3/all-the-unit-tests
NEW Adding a stack more unit tests for logging and some form fields
2018-11-11 10:31:24 +13:00
Aaron Carlino
76936d863d Merge branch '4.3' into 4 2018-11-07 23:20:44 +13:00
Loz Calver
8d7c2dafab [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:33:24 +13:00
Loz Calver
af000bea9b [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:32:55 +13:00
Loz Calver
0610f76da0 [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:31:33 +13:00
Loz Calver
3dbb10625c [SS-2018-019] Add confirmation token to dev/build 2018-11-07 11:24:51 +13:00
Robbie Averill
b02a6fa02d FIX Replace usage of Convert JSON methods with json_encode 2018-10-28 21:15:29 +00:00
Robbie Averill
e211e27470 Add more unit tests for DebugViewFriendlyErrorFormatter, tidy up Director::is_ajax() return 2018-10-20 14:27:57 +02:00
Robbie Averill
ee24413c30 Merge branch '4.2' into 4 2018-10-03 15:28:05 +02:00
Robbie Averill
4d14e9b6b1
Merge pull request #8421 from creative-commoners/pulls/4.3/psr-5-deprecations
Update deprecation PHPDocs to be PSR-5 compliant
2018-09-28 14:18:54 +02:00
Robbie Averill
f842ee2eec Update deprecation PHPDocs to be PSR-5 compliant
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
Sam Minnee
b98c87a6c5 FIX: Ensure existing session can be accessed if headers_sent()
If a session already exists, and Session::start() isn’t called until
after a large enough block of content is output, then headers_sent()
will be false. The previous code prevented the session from being
started in this case. That might makes sense for the creation of a new
session, but it prevent legitimate access to an existing session.

This mostly manifested when running debugging tools such as showqueries,
which may output content before the session is started.
2018-09-28 13:25:13 +12:00
Robbie Averill
d11911d4dd
Merge pull request #8394 from littlegiant/pulls/4.2/http-status-codes
BUG Prevent error on valid response status codes
2018-09-21 13:19:29 +02:00
Damian Mooyman
1d5ecd342e
BUG Prevent error on valid response status codes 2018-09-21 14:54:26 +12:00
Robbie Averill
373a8afeb5 Merge branch '4.2' into 4 2018-09-06 13:26:46 +02:00
Robbie Averill
270aba4007 Merge branch '4.1' into 4.2 2018-09-06 13:26:31 +02:00
Robbie Averill
b6ff21f72a Merge branch '4.0' into 4.1 2018-09-06 13:26:13 +02:00
Robbie Averill
b922c0d732 FIX Check scheme is truthy before setting it to the request 2018-09-03 08:59:37 +02:00
Robbie Averill
83e461abbf Merge branch '4.2' into 4 2018-08-27 16:15:57 +12:00
Robbie Averill
37a266f2f0 Merge branch '4.1' into 4.2 2018-08-27 16:14:24 +12:00
Scott Hutchinson
4da5569232 FIX ensure createFromVariables takes correct params on CLIRequestBuilder 2018-08-27 16:12:52 +12:00
Robbie Averill
66c09afc9c Merge branch '4.0' into 4.1 2018-08-27 16:12:04 +12:00
Robbie Averill
3178fbf3bb
Merge pull request #8028 from andrewandante/pulls/4.0/unset_http_scheme_on_cli
unset http scheme on CLIRequestBuilder
2018-08-27 16:11:42 +12:00
Thomas Portelange
27ac001d5b FIX email rendering should not include requirements
If no body is defined, the email is rendered according to a template. Clearing requirements prevent unnecessary styles/scripts to be included in the html (and that needs to be processed/stripped down the line).
2018-08-23 14:01:27 +12:00
Robbie Averill
735c87b709
Merge pull request #8327 from dhensby/pulls/4/application-json
FIX text/json is not a valid mimetype
2018-08-19 13:42:27 +12:00
maks
160d595e22
fix trailing whitespace 2018-08-17 18:16:17 +02:00
maks
16217f3655
fix accidentaly deleted comma 2018-08-17 15:13:13 +02:00
maks
aa1e576a3f
convert to php 5.4+ array syntax 2018-08-17 15:03:46 +02:00
Daniel Hensby
d9154bffbf
FIX text/json is not a valid mimetype 2018-08-15 12:10:39 +01:00
Daniel Hensby
ae00147de1
Merge pull request #8280 from open-sausages/pulls/4/simpler-vary-header
FIX: Remove X-Requested-With from default Vary header
2018-07-24 01:45:07 +01:00
Ingo Schommer
d12c2fe631
Properly deprecate HTTP.cache_control 2018-07-23 19:09:11 +01:00
Ingo Schommer
d426ecbb89
Add $maxAge arg for caching API
See https://github.com/silverstripe/silverstripe-framework/issues/8272
2018-07-23 19:09:10 +01:00
Sam Minnee
bde3121a33
FIX: Remove X-Requested-With from default Vary header
3.x forward port of https://github.com/silverstripe/silverstripe-framework/pull/8242
2018-07-23 14:18:05 +01:00
Ingo Schommer
74b655d3fc
Fix tests on unset session data
Thanks Robbie!
2018-07-23 14:09:42 +01:00
Ingo Schommer
76ac8465de
BUG Lazy session state (fixes #8267)
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.

Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.

Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.

Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.

Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
2018-07-23 14:09:42 +01:00
Daniel Hensby
a3687147fe
State default should be state enabled (no-cache is an enabled state) 2018-07-23 14:07:10 +01:00
Daniel Hensby
9f1471332d
Make augmentState method more efficient 2018-07-23 14:07:10 +01:00
Daniel Hensby
cebed776ab
FIX If theres a max-age set remove no-cache and no-store 2018-07-23 14:07:09 +01:00
Daniel Hensby
2b1c55bc4e
FIX Allow setNoCache(false) to remove no-cache directive 2018-07-23 14:07:09 +01:00
Daniel Hensby
842b39e988
FIX Add must-revalidate to default state so its common on all our core states 2018-07-23 14:07:09 +01:00
Daniel Hensby
997730aa7f
FIX Allow cache control changes to affect default state 2018-07-23 14:07:08 +01:00
Daniel Hensby
c52be7fe09
Consolidate disabling cache logic 2018-07-23 14:05:12 +01:00
Daniel Hensby
f7f567a12e
Make config private (notation isnt working) 2018-07-23 14:05:12 +01:00
Daniel Hensby
b78a89a76c
FIX Default cache state should be no-cache 2018-07-23 14:05:12 +01:00
Damian Mooyman
b686b86c34 Session now prevents cache headers being sent unintentionally 2018-06-14 15:59:51 +12:00
Ingo Schommer
513e0891d3 Clarify function of registerModificationDate() 2018-06-14 14:13:28 +12:00
Damian Mooyman
6b8f63c4d5
Refactor redirect cache busting into middleware 2018-06-14 14:11:31 +12:00
Damian Mooyman
3ce8ab3adc
Improve handling of deprecated apis 2018-06-14 13:01:27 +12:00
Damian Mooyman
163f1523e9
Add upgrade rule for HTTPCacheControl 2018-06-14 11:55:05 +12:00
Damian Mooyman
9274692415
Fix core tests 2018-06-14 11:46:47 +12:00
Damian Mooyman
59ba208df0
Fix HTTPTest 2018-06-14 11:46:28 +12:00
Damian Mooyman
6b68495c0d
Rename ETagMiddleware to ChangeDetectionMiddleware 2018-06-14 11:16:52 +12:00
Damian Mooyman
b7e54bad24
Adjust HTTPResponse::getVersion() to match PSR-7 Method signature 2018-06-14 11:04:07 +12:00
Daniel Hensby
a88257efac
NEW Add version to HTTPRequest and create raw string representation 2018-06-13 15:29:04 +01:00
Daniel Hensby
1b425570cf
Remove IE edge case handling 2018-06-13 15:29:04 +01:00
Daniel Hensby
17ad985925
Cleanup ETag middleware 2018-06-13 15:29:03 +01:00
Daniel Hensby
0b308c871d
DOCS Update doc errors 2018-06-13 15:29:03 +01:00
Damian Mooyman
687d0a6af1
Refactor everything out of HTTP and into separate middlewares 2018-06-13 17:56:47 +12:00
Damian Mooyman
6f32762268
Fix unit tests 2018-06-13 14:09:31 +12:00
Damian Mooyman
aa1ba0ef90
Fix inverted condition
Remove unnecessary yml block
Deprecate HTTP::set_cache_age()
2018-06-13 13:56:47 +12:00
Daniel Hensby
7c875918c7 FIX make sure we create ETags from the body, not the request 2018-06-13 11:33:46 +12:00
Daniel Hensby
6bb69d1ae5 Throw caught exceptions in HTTPCacheControlMiddleware::process 2018-06-13 11:33:46 +12:00
Daniel Hensby
37343cf0e2 Use veradic argument for HTTP::combineVary 2018-06-13 11:33:45 +12:00
Daniel Hensby
bf90af4845 Linting fixes 2018-06-13 11:33:45 +12:00
Damian Mooyman
442db3050c Manual merge up of 3.x changes to HTTP class 2018-06-13 11:33:45 +12:00
Damian Mooyman
76bf2ab21a WIP of cache middlware 2018-06-13 11:33:45 +12:00
Damian Mooyman
6c985c4e5f
Merge remote-tracking branch 'origin/4.1' into 4 2018-06-13 11:25:20 +12:00
Damian Mooyman
c2123f772f
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-06-13 11:24:12 +12:00
Damian Mooyman
2a51f34c3e
BUG Prevent canonical URL causing a redirect on CLI unless explicitly enabled
Replaces #8157
2018-06-11 13:54:27 +12:00
Jonathon Menz
bf07ba30f4 FIX: Make error messages available to extensions 2018-06-05 14:12:28 -07:00
Robbie Averill
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
Robbie Averill
ea16e28aa7 Merge branch '4.1' into 4 2018-05-28 18:33:56 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
# Conflicts:
  #	src/Control/Director.php
2018-05-24 15:41:11 +12:00
Damian Mooyman
5bff64b47b BUG Fix Director::test() not persisting removed session keys on teardown 2018-05-24 13:10:03 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Andrew Aitken-Fincham
64964f7402
unset http scheme on CLIRequestBuilder 2018-05-02 11:43:51 +01:00
Robbie Averill
30e2d9c4df [SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication 2018-04-24 14:44:29 +12:00
Damian Mooyman
26402f3bb5
ENHANCEMENT Enable request handlers to be extended 2018-03-21 15:50:31 +13:00
Ingo Schommer
0fe56732af RequestHandler updateLink() extension point 2018-03-20 15:08:29 +13:00
Damian Mooyman
6b38031a1e BUG Fix Director::test() not persisting removed session keys on teardown 2018-02-13 11:35:16 +13:00
Damian Mooyman
2225cf4c95
BUG Fix Director::test() not persisting removed session keys on teardown 2018-02-07 11:03:32 +13:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Core/CoreKernel.php
2018-02-05 17:52:38 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Damian Mooyman
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Control/SimpleResourceURLGenerator.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
2018-01-25 12:53:15 +13:00