On Apr 9, 2017, at 5:54 AM, Justin Mclean <jus...@classsoftware.com> wrote: > > Hi, > >> But still it would be great to have Bead which holds it. > > Can you elaborate why you think it should be in a bead?
Most use cases of HTTPService does not require authentication. Therefore code to deal with authentication should not be in the base component. Beads were designed with this exactly this in mind. > This fixes a security issue on the JS side in an existing component. There no > PAYG cost AFAICS and it’s not adding a new feature or something that should > be optional. > > If user authentication was broken in HTTPService on the AS side but worked in > JS would you think the best way to fix that was to add a bead? Yes. If there is already code in there which deals with authentication, it should be removed and placed in a bead. Not everything in FlexJS is designed 100% PAYG, but the cases where it’s not should be fixed and not compounded upon. It took me a while to get used to this style of coding as well, but I do think that we need the discipline to sticking with as much PAYG as we can. Fully functional components SHOULD be composed in the Express components. Thanks, Harbs
