I guess that this is a bit silly in 2019,
but since people tend to use weird browsers in weird
places, disabling autocompletion here might prevent
the password from ending up in some local cache.
When Tomcat is not available (for example, when using Jetty), the
ClientAbortException is not available either, causing an error when
starting the server.
This commit fixes that, and instead catches that exception (or its Jetty
equivalent) via reflection.
When streaming, log messages now show the URL and IP of the originating
request, so that it's easier to determine what client is listening to
something on the server.
The `ClientAbortException` exception indicates that the connection was
closed by the client, usually for something the server can do nothing
about (e.g. navigating outside of the page while it's loading).
Since this error happens often, this commit displays shorter error
messages when it does, without a large stack trace.
All other exceptions are handled just as before.
The only place where the string `webfx` is mentioned
was in playQueue.jsp, to include a small css file, twice,
that only applies to webfx components, that aren't used
anywhere in the codebase.
Since Spring's default remember-me technique is
terrible security-wise (`user:timstamp:md5(use:timestamp:password:key)`),
we should at least use a random key, instead of a fixed one,
otherwise, and attacker able to capture the cookies
might be able to trivially bruteforce offline
the password of the associated user.
The inline javascript used with the cancel buttons
was only used to change the location.
Instead of doing this, it's easier to wrap
the button in a tag.
This is related to #909.