enapps-enorman commented on pull request #23: URL: https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/23#issuecomment-1075423395
> Makes it harder to misuse.

@joerghoh To me the distinction you have made seems to be purely semantics. If the ProjectStage configuration defaults to "Production" then your code would only do the "Development" stuff when enabled manually. For example, if the user starts the feature launcher with a command line property variable that changes the default value or the admin manually changes the value using the ConfigurationAdmin.

I think I would still prefer a generalized solution since the same decision could be useful to improve the sling DefaultErrorHandler to not return stacktrace or request progress details when in production. Exposing those implementation details of the server to the end users is a potential information disclosure vulnerability.

Another example is perhaps you want to send minimized js files in production and non-minimized during development.
