-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Next.js] Exclude ComponentProps functions from the client bundle #1753
Conversation
packages/create-sitecore-jss/src/templates/nextjs/src/lib/next-config/component-props.loader.js
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like it!
packages/sitecore-jss-dev-tools/src/templating/nextjs/component-props.loader.ts
Show resolved
Hide resolved
Great work and thank you!!! 🎉 |
@illiakovalenko, thanks for your work on this! The loader works well, but there are a couple of issues with the test pattern in componentPropsPlugin:
I recommend updating the pattern to: test: /src[\\\/]components[\\\/].*\.(js|jsx|ts|tsx)$/, This should ensure compatibility across all systems and with various file types. |
@matthewgisonno Good point |
Description / Motivation
This pull request aims to enhance the security of the app by excluding getStaticProps and getServerSideProps (component level data fetching functions) from the client bundle. This change ensures that secret values are not exposed to the client side.
Please note that in development mode, these values are exposed regardless. This is a known behavior and is not considered a security issue.
Resolves #1615
Testing Details
Types of changes