[Next.js] Exclude ComponentProps functions from the client bundle #1753

Merged
merged 8 commits into from
Mar 6, 2024

Contributor

@illiakovalenko illiakovalenko commented Mar 4, 2024

Description / Motivation

This pull request aims to enhance the security of the app by excluding getStaticProps and getServerSideProps (component level data fetching functions) from the client bundle. This change ensures that secret values are not exposed to the client side.

Please note that in development mode, these values are exposed regardless. This is a known behavior and is not considered a security issue.

Resolves #1615

Testing Details

  • Unit Test Added
  • Manual Test/Other - added getStaticProps/getServerSideProps to existing components and imported a secret variable. Secret variable is not included in a bundle (in production mode)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
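
The manual test described above (importing a secret into a component-level data fetching function and confirming it is absent from the production bundle) can be automated as a build check. This is an added example, not code from this pull request or the JSS project: the function names, the canary value and the sample files are constructed, and it assumes the client assets are in Next.js's default `.next/static` directory.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Constructed dummy value: import this (never a real secret) inside a
// component's getStaticProps/getServerSideProps before building.
const CANARY = 'CANARY-SECRET-0000';

// Recursively list every file under dir.
function walk(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
    const full = path.join(dir, entry.name);
    return entry.isDirectory() ? walk(full) : [full];
  });
}

// Return client asset files (scripts and source maps) that contain a canary.
// Paths are relative to staticDir and use forward slashes on every OS.
function findLeaks(staticDir, canaries) {
  return walk(staticDir)
    .filter((file) => /\.(js|map)$/.test(file))
    .filter((file) => {
      const text = fs.readFileSync(file, 'utf8');
      return canaries.some((canary) => text.includes(canary));
    })
    .map((file) => path.relative(staticDir, file).split(path.sep).join('/'))
    .sort();
}

// Constructed stand-in for `.next/static`: one clean chunk, one leaking chunk.
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'bundle-scan-'));
  const pages = path.join(root, 'chunks', 'pages');
  fs.mkdirSync(pages, { recursive: true });
  fs.writeFileSync(path.join(pages, 'clean.js'),
    'export default function Card(){return null}');
  fs.writeFileSync(path.join(pages, 'leaky.js'),
    `const key="${CANARY}";export const getStaticProps=()=>({props:{key}})`);
  return root;
}

// Demo on the constructed sample; for a real project, call
// findLeaks('.next/static', [CANARY]) after a production build.
console.log(findLeaks(buildSample(), [CANARY]));
```

Run it against a production build only, since the description notes that development mode exposes these values regardless.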

@illiakovalenko illiakovalenko requested a review from a team March 4, 2024 10:32
@illiakovalenko illiakovalenko requested a review from ambrauer March 5, 2024 10:35
Contributor

@ambrauer ambrauer left a comment

I like it!

@illiakovalenko illiakovalenko merged commit 74e2e36 into dev Mar 6, 2024
1 check passed
@illiakovalenko illiakovalenko deleted the bugfix/JSS-783 branch March 6, 2024 14:54
@coreyasmith
Contributor

Great work and thank you!!! 🎉

@matthewgisonno

matthewgisonno commented Mar 19, 2024

@illiakovalenko, thanks for your work on this! The loader works well, but there are a couple of issues with the test pattern in componentPropsPlugin:

  • It's tailored for Windows paths, causing issues on other systems.
  • It only matches .tsx files, limiting file type flexibility.

I recommend updating the pattern to:

test: /src[\\\/]components[\\\/].*\.(js|jsx|ts|tsx)$/,

This should ensure compatibility across all systems and with various file types.

@illiakovalenko
Contributor Author

illiakovalenko commented Mar 20, 2024

@matthewgisonno Good point
I will add it as a follow-up for us. It's possible to make it more flexible. Currently, it's tied to the existing next.js starter (typescript based)

Successfully merging this pull request may close these issues.

Component-level data fetching functions included in client bundle