Closed mhsdesign closed 1 year ago
probably the only information leakage would be this command.
do you think (@kitsunet) it's okay to expose the available site packages when no site is available?
How about we actually configure the checks differently for production and development? Not even sure which ones you want for production, but e.g. we could just set production to empty? Or just the basic checks. And have everything else only in dev. That seems a safe and sensible default? WDYT?
I like the idea to switch based on the context. I was thinking too difficult and already thought about authorization for the setup route for special stuff. Buuut dev context is already leaking information by default (look at those beautiful exception stack traces) so we might as well leak some info then ^^.
I don't really know what checks one would want in prod ... and actually was thinking about running them all too ... (just the checks will handle leaking more or less information)
see https://github.com/neos/neos-development-collection/issues/4243 for overview
this is the neos part
flow part: https://github.com/neos/setup/pull/59