Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): set ngDevMode to false when calling enableProdMode() #40124

Closed
wants to merge 1 commit into from
Closed

fix(core): set ngDevMode to false when calling enableProdMode() #40124

wants to merge 1 commit into from

Conversation

alan-agius4
Copy link
Contributor

@alan-agius4 alan-agius4 commented Dec 15, 2020

Currently, the global ngDevMode is set to false when using the Angular CLI optimization option. This option sets the globals via terser using the Compiler CLI private tooling API

export const GLOBAL_DEFS_FOR_TERSER = {
ngDevMode: false,
ngI18nClosureMode: false,
};
export const GLOBAL_DEFS_FOR_TERSER_WITH_AOT = {
...GLOBAL_DEFS_FOR_TERSER,
ngJitMode: false,
};
.

It is not documented that users not using the Angular CLI or using Angular Universal without optimization need to manually set to false as otherwise they will be vulnerable to XHR attacks.

The ngDevMode description also mentions that calling enableProdMode will set the value to false.

* - The user calls `enableProdMode()`.
which is currently not the case.

Closes #37644

@alan-agius4 alan-agius4 added action: review comp: core Runtime issues target: patch This PR is targeted for the next patch release action: time-zone The author of this PR is in a different time zone. Try to minimize roundtrips. labels Dec 15, 2020
@ngbot ngbot bot modified the milestone: Backlog Dec 15, 2020
@google-cla google-cla bot added the cla: yes label Dec 15, 2020
@pullapprove pullapprove bot requested a review from atscott Dec 15, 2020
@alan-agius4 alan-agius4 requested review from mhevery and removed request for atscott Dec 15, 2020
The `ngDevMode` description also mentions that calling `enableProdMode` will set this the value to `false`.
https://github.com/angular/angular/blob/4610093c87975b6355f31a9c849351129908783a/packages/core/src/util/ng_dev_mode.ts#L22 which is currently not the case.
@alan-agius4
Copy link
Contributor Author

@alan-agius4 alan-agius4 commented Dec 15, 2020

FYI: @kyliau and @mgechev.

@sod
Copy link
Contributor

@sod sod commented Dec 15, 2020

fixes #37644
fixes #36692

@alan-agius4 alan-agius4 added action: merge PR author is ready for this to merge action: presubmit A standard presubmit is running / required and removed action: review labels Dec 15, 2020
Copy link
Contributor

@IgorMinar IgorMinar left a comment

lgtm

@kyliau kyliau added the target: lts This PR is targeting a version currently in long-term support label Dec 15, 2020
@AndrewKushnir
Copy link
Contributor

@AndrewKushnir AndrewKushnir commented Dec 15, 2020

Presubmit.

@AndrewKushnir AndrewKushnir removed the action: presubmit A standard presubmit is running / required label Dec 16, 2020
@AndrewKushnir
Copy link
Contributor

@AndrewKushnir AndrewKushnir commented Dec 16, 2020

FYI, presubmit went well for the changes in this PR.

@kyliau @alan-agius4 there are 2 target labels on this PR and the tooling does not support a single PR targeting multiple
trains/versions, see #40156. I will remove the "target: lts" for now (keeping just "target: patch") so this PR can be merged. Could you please create a separate PR if we need to land this change in LTS branch as well?

Thank you.

@AndrewKushnir AndrewKushnir removed the target: lts This PR is targeting a version currently in long-term support label Dec 16, 2020
@alan-agius4
Copy link
Contributor Author

@alan-agius4 alan-agius4 commented Dec 16, 2020

Thanks @AndrewKushnir, I’ll create the PRs to target LTS branches tomorrow as I don’t have access to my laptop at the moment.

@kyliau
Copy link
Contributor

@kyliau kyliau commented Dec 16, 2020

cherry pick for v9 lts: #40159
cherry pick for v10 lts: #40160

alxhub pushed a commit that referenced this issue Dec 16, 2020
…#40124)

The `ngDevMode` description also mentions that calling `enableProdMode` will set this the value to `false`.
https://github.com/angular/angular/blob/4610093c87975b6355f31a9c849351129908783a/packages/core/src/util/ng_dev_mode.ts#L22 which is currently not the case.

PR Close #40124
@alxhub alxhub closed this in 70b4816 Dec 16, 2020
@alan-agius4 alan-agius4 deleted the prod-mode-ng-dev-mode branch Dec 17, 2020
twerske pushed a commit to twerske/angular that referenced this issue Jan 5, 2021
…angular#40124)

The `ngDevMode` description also mentions that calling `enableProdMode` will set this the value to `false`.
https://github.com/angular/angular/blob/4610093c87975b6355f31a9c849351129908783a/packages/core/src/util/ng_dev_mode.ts#L22 which is currently not the case.

PR Close angular#40124
@angular-automatic-lock-bot
Copy link

@angular-automatic-lock-bot angular-automatic-lock-bot bot commented Jan 17, 2021

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jan 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
action: merge PR author is ready for this to merge action: time-zone The author of this PR is in a different time zone. Try to minimize roundtrips. cla: yes comp: core Runtime issues core: bootstrap target: patch This PR is targeted for the next patch release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants