-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
minimal access in production mode #62
Conversation
fixed exception templating to prevent log-spam |
I suspect that the current change is not enough.
|
Another thought - people who want to use the Docker approach and have the editor available on "localhost:3000" need to be told how to start up the container so that it will get into |
Agreed - I need to think this through and find a good way to pass the
I don't think I understand what you're getting at here. The way I'm thinking of growing this out is to wrap the original problemJWT in the sessionJWT... this means that the sessionJWT will enforce a consistent use of the original problemJWT. Maybe that's not what you're getting at, though... Also, yeah, an exception
Indeed. That is by design. Anything configuration that a CMS wants enforced must be included in the initial problemJWT. That JWT is then wrapped into the sessionJWT and remains untouched throughout the user's interaction with the problem. I would like to introduce the ability to 'overwrite' the session's problemJWT (use case: problem is bugged) - though we could always 'force' a restart by dumping the session and starting from a 'fresh' problemJWT... I just don't like dumping data. It won't matter too much in this case, as the interaction data is invalidated by being paired with a dysfunctional problem. |
Use the
ENV{MOJO_MODE}
environment variable to manually set 'development' or 'production' mode for running the renderer.Note that running the renderer app with
morbo
will automatically set this value to 'development', while running withhypnotoad
will set the value to 'production'.All routes (except
/render-api
and/webwork2_files
) are blocked in production mode.Also, in production mode, requests to
/render-api
must be made with JWE, rather than as raw form-data or x-www-form-urlencoded.