search

stackblitz / core

Online IDE powered by Visual Studio Code ⚡️
https://stackblitz.com
MIT License
10.29k stars 911 forks source link

Sdk: Possibility to hide footer actions #2236

Closed arthurbcp closed 9 months ago

arthurbcp commented 1 year ago

Is your feature request related to a problem? Please describe.

Hello, there! In my use case, I need a way to hide the code of some files that are necessary run inside the stackblitz iframe, but they cannot be exposed to my users because it has internal logic. I know it's possible to define the files which must be opened in the editor, but with a simple "ls" command in the terminal or a "cmd + p" in the editor, all files will be listed. And of course, there is also the button to download the code that there is no option to hide.

The solution I found was to create 2 stackblitz iframes, one just for code editing hiding my internal logic and the other just for preview mode. This would solve my problem, but with the options to switch views available at the bottom of the iframe and without a option to hide them, there is no way to protect this part of my code.

Describe the solution you'd like

I Know that's is a really rare scenario, but it would be great if there was the option to hide these actions and even better if there was an option to define the files that the user cannot edit or view.

fvsch commented 1 year ago

Hi @arthurbcp,

Indeed we don't have that kind of capability currently.

It looks like your use case might be served by the WebContainer API, if your users don't need to edit code (you want to run code and show the result in an iframe), or if you're up to the task of building your own editing UI (like https://learn.svelte.dev).

they cannot be exposed to my users because it has internal logic there is no way to protect this part of my code

I want to stress that any code that you run on the user's browser, which includes all the code in a StackBlitz project and all the npm dependencies that project uses, or all the code your provide to a WebContainer API instance, can be retrieved by the user. That code is not safe from the user's curious eyes.

If you want to hide some files or data for education purposes, because they are implementation details and you want to avoid distracting users, that's fine.

But if you want to use secrets that users should not be able to access, there is only one solution: having those secrets, and running the code that needs those secrets, on your own server(s).

fvsch commented 1 year ago

I’m tentatively rejecting this feature request for the StackBlitz SDK and embeds. We have no immediate plans to make embeds much more configurable (to the point where UI sections can be completely disabled) or to add a mechanism to hide files or groups of files.

I’ll leave this issue open so that it's easier to find for others. People are welcome to upvote this issue by adding a " 👍 " reaction to the initial post.