-
-
Notifications
You must be signed in to change notification settings - Fork 766
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[eval unsafe] fix build production only!! [urgent] #283
Conversation
eval( ) problem on production!! csp unsafe
Is there a real reason, why you want to use the minified version? If you use a production ready toolchain, your toolchain will include and minify this in your build. |
no the only reason is that in 3.4.0 the NON min version is a DEV version with eval( .... i think you shoud release in dist/ only PRODUCTION env code, min and non min version |
So, your proposed fix is a hotfix and not a correct fix. |
StencilJS is complaining about 3.4 (it was not in 3.3). I don't know if it
imports dev or production, and I don't really care. For me, just stopped
working.
[ WARN ] Bundling Warning
Use of eval is strongly discouraged, as it poses security risks
and may cause issues with minification
…On Thu, Feb 7, 2019 at 1:15 PM Johann Wagner ***@***.***> wrote:
So, your proposed fix is a hotfix and not a correct fix.
You may want to look at #280 <#280>,
where an similar issue is described.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#283 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAXJyzGB9LiM-A7J_GEdEFBXOnCnNs4iks5vLEMMgaJpZM4anKGY>
.
|
i think you are missing the point. ok? i'm pushing a FULL fix to webpack.config.js |
I totally got your point. I just wanted to point out, that it is not the solution to use the minified version, otherwise you will kill tree shaking for other users. You have to fix the non minifed build, this also should be production ready, because it is in the dist folder. |
@johannwagner see now. thanks |
Thanks for flagging. Broken behavior right now, even with this fix. Originally,
@salvoravida, in principle, sure. However, I think your change added "build": "webpack --mode development && webpack --mode production" As @johannwagner pointed out:
To fix the original problem of those pesky Sure, it also marginally slows down build time, but it's a fair trade. @salvoravida thank you for catching this. It definitely escaped my eyes! |
thank you ! all is working now! |
eval( ) problem on production!! csp unsafe