Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): set ngDevMode to false when calling enableProdMode() #40124

Closed
wants to merge 1 commit into from
Closed

fix(core): set ngDevMode to false when calling enableProdMode() #40124

wants to merge 1 commit into from

Conversation

alan-agius4
Copy link
Contributor

@alan-agius4 alan-agius4 commented Dec 15, 2020

Currently, the global ngDevMode is set to false when using the Angular CLI optimization option. This option sets the globals via terser using the Compiler CLI private tooling API

export const GLOBAL_DEFS_FOR_TERSER = {
ngDevMode: false,
ngI18nClosureMode: false,
};
export const GLOBAL_DEFS_FOR_TERSER_WITH_AOT = {
...GLOBAL_DEFS_FOR_TERSER,
ngJitMode: false,
};
.

It is not documented that users not using the Angular CLI or using Angular Universal without optimization need to manually set to false as otherwise they will be vulnerable to XHR attacks.

The ngDevMode description also mentions that calling enableProdMode will set the value to false.

* - The user calls `enableProdMode()`.
which is currently not the case.

Closes #37644

@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer area: core Issues related to the framework runtime target: patch This PR is targeted for the next patch release action: time-zone labels Dec 15, 2020
@ngbot ngbot bot modified the milestone: Backlog Dec 15, 2020
@google-cla google-cla bot added the cla: yes label Dec 15, 2020
@pullapprove pullapprove bot requested a review from atscott December 15, 2020 08:08
@alan-agius4 alan-agius4 requested review from mhevery and removed request for atscott December 15, 2020 08:14
The `ngDevMode` description also mentions that calling `enableProdMode` will set this the value to `false`.
https://github.com/angular/angular/blob/4610093c87975b6355f31a9c849351129908783a/packages/core/src/util/ng_dev_mode.ts#L22 which is currently not the case.
@alan-agius4
Copy link
Contributor Author

FYI: @kyliau and @mgechev.

@sod
Copy link
Contributor

sod commented Dec 15, 2020

fixes #37644
fixes #36692

@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker action: presubmit The PR is in need of a google3 presubmit and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Dec 15, 2020
Copy link
Contributor

@IgorMinar IgorMinar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kyliau kyliau added the target: lts This PR is targeting a version currently in long-term support label Dec 15, 2020
@AndrewKushnir
Copy link
Contributor

Presubmit.

@AndrewKushnir AndrewKushnir removed the action: presubmit The PR is in need of a google3 presubmit label Dec 16, 2020
@AndrewKushnir
Copy link
Contributor

FYI, presubmit went well for the changes in this PR.

@kyliau @alan-agius4 there are 2 target labels on this PR and the tooling does not support a single PR targeting multiple
trains/versions, see #40156. I will remove the "target: lts" for now (keeping just "target: patch") so this PR can be merged. Could you please create a separate PR if we need to land this change in LTS branch as well?

Thank you.

@AndrewKushnir AndrewKushnir removed the target: lts This PR is targeting a version currently in long-term support label Dec 16, 2020
@alan-agius4
Copy link
Contributor Author

alan-agius4 commented Dec 16, 2020

Thanks @AndrewKushnir, I’ll create the PRs to target LTS branches tomorrow as I don’t have access to my laptop at the moment.

@kyliau
Copy link
Contributor

kyliau commented Dec 16, 2020

cherry pick for v9 lts: #40159
cherry pick for v10 lts: #40160

alxhub pushed a commit that referenced this pull request Dec 16, 2020
…#40124)

The `ngDevMode` description also mentions that calling `enableProdMode` will set this the value to `false`.
https://github.com/angular/angular/blob/4610093c87975b6355f31a9c849351129908783a/packages/core/src/util/ng_dev_mode.ts#L22 which is currently not the case.

PR Close #40124
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jan 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
action: merge The PR is ready for merge by the caretaker area: core Issues related to the framework runtime cla: yes core: bootstrap target: patch This PR is targeted for the next patch release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

mark enableProdMode as deprecated and output a warning that it should not be used anymore
6 participants