firstdraft / dev_toolbar

MIT License

Better way to display ERD than public folder #6

Open bpurinton opened 5 months ago

bpurinton commented 5 months ago

Putting erd.png in public/ would make it available in production mode as well, which is a bit of a security hole? We can think of a better way to handle this in the future, but wanted to flag it.

ellipsis-dev[bot] commented 5 months ago

To have Ellipsis create a Pull Request with the implementation, comment below with "LGTM". If you want to make changes to the plan, comment below starting with "replan" with suggestions.


Implementation Steps

Step 1: Modify DevToolbar configuration

Modify the DevToolbar configuration to point to a new secure route for the ERD. This can be done by changing the path value for the Data Model entry in the DevToolbar configuration. The new path value should be something like /secure/erd.png.

Step 2: Add a new secure route for the ERD in the parent application

Add a new secure route for the ERD in the parent application into which this library is integrated. This route should point to the ERD file in a secure location outside the public directory. The specific details of how to implement this step would depend on the structure of the parent application and how it handles routing.

Step 3: Move the ERD file to a secure location

Move the ERD file to a secure location outside the public directory. The specific details of how to implement this step would depend on the structure of the file system and what secure locations are available.


Questions? Check out our documentation.
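
The three steps planned above, sketched as an added example that is not part of this thread or of dev_toolbar's own code: a Rack-style endpoint in plain Ruby that serves the ERD from a file kept outside public/ and answers only when the environment is development. The names ErdEndpoint and erd_status_for and the file location are hypothetical, and the caller is assumed to pass in the environment name (for example Rails.env); /secure/erd.png is the path suggested in the plan.

```ruby
require "tmpdir"

# Added example (not dev_toolbar code). ErdEndpoint is a hypothetical name.
# Rack-style middleware: serves the ERD from outside public/, development only.
class ErdEndpoint
  ROUTE = "/secure/erd.png" # path suggested in the plan above

  # erd_path: assumed location outside public/; environment: e.g. Rails.env
  def initialize(app, erd_path:, environment:)
    @app = app
    @erd_path = erd_path
    @environment = environment.to_s
  end

  def call(env)
    # Any other URL is left to the parent application.
    return @app.call(env) unless env["PATH_INFO"] == ROUTE
    # Outside development the route behaves as if it did not exist.
    return not_found unless @environment == "development"
    return not_found unless env["REQUEST_METHOD"] == "GET" && File.file?(@erd_path)

    body = File.binread(@erd_path)
    headers = { "content-type" => "image/png",
                "content-length" => body.bytesize.to_s,
                "cache-control" => "no-store" }
    [200, headers, [body]]
  end

  private

  def not_found
    [404, { "content-type" => "text/plain" }, ["Not Found"]]
  end
end

# Exercises the endpoint against a constructed stand-in file (PNG signature only)
# and returns the HTTP status for the given environment and request path.
def erd_status_for(environment, path = ErdEndpoint::ROUTE)
  Dir.mktmpdir do |dir|
    erd = File.join(dir, "erd.png")
    File.binwrite(erd, "\x89PNG\r\n\x1a\n".b)
    downstream = ->(_env) { [204, {}, []] } # stand-in for the parent app
    app = ErdEndpoint.new(downstream, erd_path: erd, environment: environment)
    app.call("REQUEST_METHOD" => "GET", "PATH_INFO" => path).first
  end
end
```

Because the file never sits under public/, the static file server cannot hand it out in production, and the environment check covers the case where the middleware is mounted there by mistake.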

bpurinton commented 4 weeks ago

When we resolve this, we should also likely reconsider the work done on https://github.com/firstdraft/dev_toolbar/pull/11