[AssetMapper] importmap() function imports all entry points #54377
Comments
|
For now i'm not sure it is possible, when rendering the importmap, to know which scripts may be later imported... as some of them can be lazy-loaded (stimulus controller), or needed in a dynamic HTML part (via turbo, ajax, ...) So we could maybe hide the other entrypoint files, but you would still see in the importmap all the app's controllers & vendors. This is inside the importmap, but only the scripts that do need to run should be listed in the Does this "shared" importmap create a problem in your project ? |
|
Thank you for your answer. So our concern is more security-related, because our application has public and private sections, and we do have scripts for both sections - now even though there is not really sensitive data in the scripts for the private sections we would rather avoid exposing those scripts in the public sections. |
|
I understand, but sadly i don't have any solution for this.. I can tell you that anyone that want to see your scripts can, as you probably have a manifest.json in your asset directoy. But i must admit this is not the same thing as having the links in the source code. I you needed to, i guess you could render the importmap in a template, and remove from there the lines you want to hide before rendering it on your page ? |
Symfony version(s) affected
7.0.0
Description
So I am not sure if this is really a bug or if it is intended to work like this, but when using the AssetMapper function
importmap()with a given entrypoint, I would expect not to see other entrypoints defined inimportmap.phpto be part of the compiled<script type="importmap">.How to reproduce
importmap.php(for examplelogin.js,admin.js,app.js){% block importmap %}{{ importmap('login') }}{% endblock %}<script type="importmap">not only an entry forlogin.jsbut for all entrypointsPossible Solution
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: