Closed toolness closed 11 years ago
As per discussion with @freddyb, we should prohibit access to /test/* if NODE_ENV is production (or perhaps if DEBUG isn't set), since we allow eval() in tests and there's no telling if the test suite could have security vulnerabilities.
/test/*
NODE_ENV
production
DEBUG
eval()
As per discussion with @freddyb, we should prohibit access to
/test/*ifNODE_ENVisproduction(or perhaps ifDEBUGisn't set), since we alloweval()in tests and there's no telling if the test suite could have security vulnerabilities.