Hi I have attached a patch (MYFACES-2714-3.patch) that do what was suggested by Werner, including do not allow retrieve the javascript sources on production.
Please, take a look at this one and if no objections, I'll commit the code. regards, Leonardo Uribe 2010/5/16 Werner Punz <[email protected]> > Definitely +1 from my side regarding this, debug versions > should definitely be for development mode only. > > Werner > > > Am 15.05.10 20:59, schrieb Michael Concini: > >> I think Jan-Kees has a good point on denying access to the debug >> versions when in production mode. At least by default it might be good >> to deny access. >> >> On 5/15/2010 11:00 AM, Jan-Kees van Andel wrote: >> >>> The plan sounds good, but let's not forget the performance penalty of >>> loading multiple javascript files when in production mode. No >>> objections for loading multiple files in development mode. >>> >>> Maybe, we should even (from a security perspective) completely deny >>> access to the debug versions of the scripts when in production mode. >>> >>> My 2 cents... >>> >>> Regards, >>> Jan-Kees >>> >>> >>> >>> 2010/5/15 Werner Punz (JIRA) <[email protected] >>> <mailto:[email protected]>> >>> >>> >>> >>> [ >>> >>> https://issues.apache.org/jira/browse/MYFACES-2714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12867846#action_12867846 >>> < >>> https://issues.apache.org/jira/browse/MYFACES-2714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12867846#action_12867846 >>> > >>> ] >>> >>> Werner Punz commented on MYFACES-2714: >>> -------------------------------------- >>> >>> Actually lets do it step by step, first get Leos big combined file >>> as debug file in, once I have ext-scripting 1.0 out (which is >>> currently the next todo onm >>> y list) we >>> can work on the other more fine grained solution, after all, there >>> is no rush to do this. >>> If anyone wants to start to work on this, feel free, after all >>> this is opensource code, everyone can lay their hands on it. >>> >>> Cheers >>> >>> Werner >>> >>> >>> >>> > Include uncompressed jsf.js file and use it when development >>> mode is used >>> > >>> >>> ------------------------------------------------------------------------- >>> > >>> > Key: MYFACES-2714 >>> > URL: https://issues.apache.org/jira/browse/MYFACES-2714 >>> > Project: MyFaces Core >>> > Issue Type: Improvement >>> > Components: JSR-314 >>> > Affects Versions: 2.0.0 >>> > Reporter: Leonardo Uribe >>> > Assignee: Leonardo Uribe >>> > Attachments: MYFACES-2714-2.patch >>> > >>> > >>> > Reading some blogs about jsf 2.0, I notice mojarra include an >>> uncompressed jsf.js file and use it when development mode is used. >>> It is difficult to debug myfaces javascript for users and I think >>> it is worth to do it too. >>> >>> -- >>> This message is automatically generated by JIRA. >>> - >>> You can reply to this email to add a comment to the issue online. >>> >>> >>> >> > >
