-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean the output when useJWT=true #756
Conversation
static/webpack-config.js
Outdated
new webpack.EnvironmentPlugin({ | ||
JAMBO_INJECTED_DATA: null | ||
new webpack.DefinePlugin({ | ||
'process.env.JAMBO_INJECTED_DATA': JSON.stringify(JSON.stringify(updatedJamboInjectedData)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For my own edification, what's the scope of using the JAMBO_INJECTED_DATA
in our Webpack toolchain? I believe we use it in the iFrame assets to get domains and such. Are we embedding the whole object in any of our static assets or using the apiKey in any of the static assets?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do put the whole object in a few spots, and that ends up in many of our assets.
Webpack puts it into the HitchhikerJS.getInjectedProp() function. The only spot where that accesses the apiKey in our code is in core.hbs, but I disabled that access when useJWT is true. It's possible that someone might be trying to get the apiKey from getInjectedProp(), but that really doesn't make sense if a site is built with useJWT=true.
Secondly, it's put in the InjectedData class which simply provides info about the domains, so the apiKey is not needed there.
it looks like there's something funny with the iframe snapshots |
The issue was that I needed to fall back to null if JAMBO_INJECTED_DATA was not supplied |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
Remove the apiKey from the build output when useJWT=true The apiKey needs to be removed in the templatedataformatter and in the JAMBO_INJECTED_DATA that weback puts in the bundles. J=J=SLAP-1118 TEST=manual, auto When useJWT is true, run a build and search for the apiKey and confirm that it does not appear anywhere in the build output. Test this with JAMBO_INJECTED_DATA which contains apiKeys. Smoke test the JWT integration and the standard integration. Add unit test.
Remove the apiKey from the build output when useJWT=true The apiKey needs to be removed in the templatedataformatter and in the JAMBO_INJECTED_DATA that weback puts in the bundles. J=J=SLAP-1118 TEST=manual, auto When useJWT is true, run a build and search for the apiKey and confirm that it does not appear anywhere in the build output. Test this with JAMBO_INJECTED_DATA which contains apiKeys. Smoke test the JWT integration and the standard integration. Add unit test.
Remove the apiKey from the build output when useJWT=true
The apiKey needs to be removed in the templatedataformatter and in the JAMBO_INJECTED_DATA that weback puts in the bundles.
J=J=SLAP-1118
TEST=manual, auto
When useJWT is true, run a build and search for the apiKey and confirm that it does not appear anywhere in the build output. Test this with JAMBO_INJECTED_DATA which contains apiKeys. Smoke test the JWT integration and the standard integration. Add unit test.