You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So I am not sure if this is really a bug or if it is intended to work like this, but when using the AssetMapper function importmap() with a given entrypoint, I would expect not to see other entrypoints defined in importmap.php to be part of the compiled <script type="importmap">.
How to reproduce
Add a few entrypoints in importmap.php (for example login.js, admin.js, app.js)
Use one of the entrypoints in a twig template, like so: {% block importmap %}{{ importmap('login') }}{% endblock %}
When looking into the generated source I can see in <script type="importmap"> not only an entry for login.js but for all entrypoints
Possible Solution
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered:
For now i'm not sure it is possible, when rendering the importmap, to know which scripts may be later imported... as some of them can be lazy-loaded (stimulus controller), or needed in a dynamic HTML part (via turbo, ajax, ...)
So we could maybe hide the other entrypoint files, but you would still see in the importmap all the app's controllers & vendors.
This is inside the importmap, but only the scripts that do need to run should be listed in the <link rel="modulepreload" scripts, is this not working for you ?
Does this "shared" importmap create a problem in your project ?
Thank you for your answer. So our concern is more security-related, because our application has public and private sections, and we do have scripts for both sections - now even though there is not really sensitive data in the scripts for the private sections we would rather avoid exposing those scripts in the public sections.
I understand, but sadly i don't have any solution for this..
I can tell you that anyone that want to see your scripts can, as you probably have a manifest.json in your asset directoy. But i must admit this is not the same thing as having the links in the source code.
I you needed to, i guess you could render the importmap in a template, and remove from there the lines you want to hide before rendering it on your page ?
Symfony version(s) affected
7.0.0
Description
So I am not sure if this is really a bug or if it is intended to work like this, but when using the AssetMapper function
importmap()
with a given entrypoint, I would expect not to see other entrypoints defined inimportmap.php
to be part of the compiled<script type="importmap">
.How to reproduce
importmap.php
(for examplelogin.js
,admin.js
,app.js
){% block importmap %}{{ importmap('login') }}{% endblock %}
<script type="importmap">
not only an entry forlogin.js
but for all entrypointsPossible Solution
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: