Closed toolness closed 11 years ago
As per discussion with @freddyb, we should prohibit access to /test/* if NODE_ENV is production (or perhaps if DEBUG isn't set), since we allow eval() in tests and there's no telling if the test suite could have security vulnerabilities.
/test/*
NODE_ENV
production
DEBUG
eval()
As per discussion with @freddyb, we should prohibit access to
/test/*
ifNODE_ENV
isproduction
(or perhaps ifDEBUG
isn't set), since we alloweval()
in tests and there's no telling if the test suite could have security vulnerabilities.