:: Version 3.2.0 ::

Migrate an Extension to 3.2

XML datamodel

Breaking changes

Other nodes added to the standard datamodel

Other nodes removed from the standard datamodel

Removed file

No XML file removed.

Removed dictionary entries

Deprecations

Other nodes deprecated in the standard datamodel

PHP APIs

Breaking changes

CRUD events

  • The event EVENT_DB_LINKS_CHANGED is not fired anymore for the current object under creation/modification.
  • For local creation/modification of the linksets the EVENT_DB_BEFORE_WRITE event should be used instead.
  • New event EVENT_ENUM_TRANSITIONS added to manage allowed transitions on apply_stimulus to replace extensibility point DBObject::EnumTransitions().
  • Previous events EVENT_DB_BEFORE_APPLY_STIMULUS, EVENT_DB_AFTER_APPLY_STIMULUS and EVENT_DB_APPLY_STIMULUS_FAILED were removed as they were not usable/useful/asked…

X-Content-Type-Options HTTP header and CORB protection

Since iTop 2.7.10 / 3.0.4 / 3.1.2 / 3.2.0, the X-Content-Type-Options HTTP header is sent with the nosniff value. This could trigger CORB protection for certain resources, preventing them from loading (see https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md#determining-whether-a-response-is-corb_protected).

To mitigate the issue, sending this HTTP header is disabled in AjaxPage, JsonPage and XMLPage.

Make sure that every JSON, XML, HTML and text/plain content you're sending is either output directly or using one of those WebPage implementation !
If you developed a newsroom provider, beware to use the application/javascript MIME type to send your JSONP content, as application/jsonp will trigger CORB protection.
Note a JsonPPage was introduced in iTop 3.1.0

Checking for the presence of specific header in the POST to enhance protection against CSRF attacks

Since iTop 3.2.0, we're following the OWASP recommendations about Ajax API calls.

If you are making an Ajax call to iTop in your extension, we recommend using our CombodoHTTP.Fetch() method. You can also use jQuery's $.ajax function. In this way, “X-Combodo-Ajax” header will automatically be added to your request.

Alternatively, you can add the “X-Combodo-Ajax” header to your requests if you don't want to change the method you're using (if you're using XMLHttpRequest or if your code is included with add_early_script) :

fetch(route, {
    method: 'POST',
        headers: {
            'X-Combodo-Ajax': true
        },
    body: formData
}).then(...
var xhr = new XMLHttpRequest();
xhr.open('POST', road, true);
xhr.setRequestHeader('X-Combodo-Ajax', 'true');
xhr.onload = function () {
...
};
xhr.send(formData);

If you can't use any of these methods (e.g. you have to send form data parameters in Ajax), you can add the “transaction_id” field in the body of the request. You can create this transaction ID in PHP with the following iTop method :

utils::GetNewTransactionId()
If there is neither “X-Combodo-Ajax” is the header nor “transaction_id” in the body of Ajax requests to ajax.render.php, they will fail with “Unauthorized access” error, which will likely break your extension.

Removed APIs

Deprecations

Class Methods

Deprecated methods New method(s) to call with parameters
SetApprovalDate SetCurrentDate('approval_date')
SetApprover SetCurrentUser('approver_id')
SetLastPendingDate SetCurrentDate('last_pending_date')
SetAssignedDate SetCurrentDate('assignment_date')
SetResolveDate SetCurrentDate('resolution_date');
SetElapsedTime('time_spent','start_date','DefaultWorkingTimeComputer');
SetClosureDate SetCurrentDate('close_date')
ResetRejectReason Reset('reason')
resolveChilds ResolveChildTickets()

list of remove methods

Class UserRequest

  • SetApprovalDate
  • SetApprover
  • SetLastPendingDate
  • SetAssignedDate
  • SetClosureDate
  • SetResolveDate
public function SetResolveDate() {
        $this->Set('resolution_date', time());
        $iTimeSpent = time() - AttributeDateTime::GetAsUnixSeconds($this->Get('start_date'));
        $this->Set('time_spent', $iTimeSpent);
        return true;
}

Class Incident

  • SetLastPendingDate
  • SetAssignedDate
  • SetClosureDate
  • SetResolveDate (same code as in UserRequest)
  • resolveChilds

Class Change

  • SetApprovalDate
  • SetClosureDate
  • ResetRejectReason

Class Problem

  • SetAssignedDate
  • SetClosureDate
  • SetResolveDate
public function SetResolveDate() {
      $this->Set('resolution_date', time());
      return true;
}

Setup ContextTag init

The setup ContextTag is now correctly set. See PR #609

Can now pass a DateTIme PHP object as value on a Set() call on a AttributeDateTime or child

Before only timestamp or strings were allowed, so the consumers were forced to do a conversion.

See PR #618

JS APIs

Breaking changes

Removed APIs

Removed files

Deprecations

Deprecated APIs

The following files were moved to NPM, so files that were previously in /css and /js directories must now be linked to their counterparts in /node_modules :

  • css/c3.min.css
  • css/jquery.contextMenu.css
  • css/magnific-popup.css
  • js/ace/
  • js/mousetrap/
  • js/c3.js
  • js/c3.min.js
  • js/d3.js
  • js/d3.min.js
  • js/clipboard.min.js
  • js/jquery.autocomplete.js
  • js/jquery.contextMenu.js
  • js/jquery.fileupload.js
  • js/jquery.iframe-transport.js
  • js/jquery-ui.custom.min.js
  • js/jquery.min.js
  • js/jquery.magnific-popup.js
  • js/jquery.magnific-popup.min.js
  • js/jquery-migrate.dev.js
  • js/jquery-migrate.prod.min.js
  • js/moment-with-locales.min.js
  • js/showdown.min.js

Unused APIs

List of files that were marked as deprecated, and are not used inside iTop core:

What changed Why was it deprecated
/js/json/json2.js MSIE polyfill, not necessary anymore
/js/json.js MSIE polyfill, not necessary anymore
/js/themes Old JQuery UI themes
/js/jquery.treeview.pack.js We are using instead the min version (jquery.treeview.min.js)

CSS APIs

Breaking changes

Removed APIs

No deprecated APIs.

Removed files

No removed files.

Deprecations

Deprecated APIs

The following files were moved to NPM, so files that were previously in /css directory must now be linked to their counterparts in /node_modules :

  • css/c3.min.css
  • css/jquery.contextMenu.css
  • css/magnific-popup.css

Deprecated files

3_2_0/release/developer.txt · Last modified: 2024/09/10 10:25 by 127.0.0.1
Back to top
Contact us