Open ejain opened 10 years ago
rkrzewski
commented
10 years ago When original sources and source maps are present in the production build of the application, you are able to debug the actual version deployed to production. You might want to restrict access to those files to a corporate network / VPN using front-end Apache or Varnish but that's a whole another story.
It can be also argued that obfuscating your JS code does not make the application any more secure ;)
ejain
commented
10 years ago Obfuscation may not protect your secret sauce algorithm, but most people probably don't want to have their full source code including comments etc exposed, at least not by default and by surprise! btw the original sources are still present even when the generation of source maps is disabled.
dylemma
commented
10 years ago :+1: It would be nice if this functionality could be turned on/off by a setting somewhere.
benmccann
commented
10 years ago Fixed this for sbt-rjs and am just awaiting a new release for that plugin. Still need a solution for sbt-less though
huntc
commented
10 years ago @benmccann This problem will be resolved via sbt-web as a whole, relating to this particular issue.
mariussoutier
commented
10 years ago This also applies to WebJars. A lot of files are generated only to map them to a CDN at runtime. A single file in a WebJar results in six files after the assets pipeline is run.
For example the webjars-requirejs contained in nearly every WebJar:
webjars-requirejs.js.gz
webjars-requirejs.js.map
webjars-requirejs.js.map.md5
webjars-requirejs.js.md5
webjars-requirejs.js.src.js.gz
webjars-requirejs.js.src.js.md5@ejain Can you report back as to whether https://github.com/rgcottrell/sbt-filter fixes this issue to your satisfaction?
@mariussoutier I would think that the above filter should filter WebJar contributed assets also (unless it avoids the lib folder explicitly). The pipeline sees all assets including WebJar contained ones.
mariussoutier
commented
10 years ago @huntc Unfortunately the plugin ignores the lib folder.
I'm also encountering an issue with sbt-digest. When I'm filtering out all js, but keeping the digest main.js (via excludeFilter in filter := "*-main.js"), the Assets controller fails to find the main script, even though the Play assets jar does contain it.
strelec
commented
9 years ago So? What's the progress like on this?
huntc
commented
9 years ago @pvlugter Do you know if this is still an issue?
ejain
commented
9 years ago @huntc it's still an issue in Play 2.3.7. The sbt-filter solution works for me, but shouldn't this be done by default?
huntc
commented
9 years ago @ejain If you could check that you're using the latest version of all sbt-web related plugins then that'd be great. sbt-web plugins have a release cycle that is different to Play's.
ejain
commented
9 years ago @huntc yes, my sbt-web plugins are all up to date. btw the plugins.sbt created with activator new references way outdated versions of the plugins...
The .less files and unminified js files can be retrieved by anyone who cares to guess the URLs for these assets!