From f7c51f93b727760249dbcac3e9c54c953d589f64 Mon Sep 17 00:00:00 2001 From: Jesse MacFadyen Date: Wed, 8 Jan 2025 15:00:05 -0800 Subject: [PATCH 1/2] pass strict flag through to runDev --- src/commands/app/dev/index.js | 5 +++++ src/lib/run-dev.js | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/commands/app/dev/index.js b/src/commands/app/dev/index.js index 5b15684..c76a75f 100644 --- a/src/commands/app/dev/index.js +++ b/src/commands/app/dev/index.js @@ -156,6 +156,7 @@ class Dev extends BaseCommand { const runOptions = { skipActions: false, skipServe: false, + strictMode: flags.strict, parcel: { logLevel: flags.verbose ? 'verbose' : 'warn', // always set to false on localhost to get debugging and hot reloading @@ -299,6 +300,10 @@ Dev.flags = { default: false, char: 'o' }), + strict: Flags.boolean({ + description: 'Run in strict mode, this will block non-web actions from being run directly', + defaullt: false + }), extension: Flags.string({ description: 'Run only a specific extension, this flag can only be specified once', char: 'e', diff --git a/src/lib/run-dev.js b/src/lib/run-dev.js index fd5d831..ca9b26c 100644 --- a/src/lib/run-dev.js +++ b/src/lib/run-dev.js @@ -73,6 +73,8 @@ async function runDev (runOptions, config, _inprocHookRunner) { const hasBackend = devConfig.app.hasBackend const httpsSettings = runOptions?.parcel?.https + // actionConfig.strictMode = runOptions.strictMode + serveLogger.debug('hasBackend', hasBackend) serveLogger.debug('hasFrontend', hasFrontend) serveLogger.debug('httpsSettings', JSON.stringify(httpsSettings, null, 2)) @@ -495,8 +497,8 @@ async function serveWebAction (req, res, actionConfig, distFolder, actionLoader distFolder, contextActionLoader: actionLoader } - - if (invoker && !sequence) { + console.log('actionConfig.strictMode =', actionConfig.strictMode) + if (invoker && !sequence && !actionConfig.strictMode) { if (!isWebAction(contextItem)) { actionLogger.warn('serving non-web action : this call will fail without credentials when deployed.') } From 819d81e792995c82ccacc7833cb4c9589689d2ae Mon Sep 17 00:00:00 2001 From: Jesse MacFadyen Date: Wed, 8 Jan 2025 17:40:51 -0800 Subject: [PATCH 2/2] reject non-web action in strict mode --- src/lib/run-dev.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/lib/run-dev.js b/src/lib/run-dev.js index ca9b26c..bc542b2 100644 --- a/src/lib/run-dev.js +++ b/src/lib/run-dev.js @@ -73,7 +73,7 @@ async function runDev (runOptions, config, _inprocHookRunner) { const hasBackend = devConfig.app.hasBackend const httpsSettings = runOptions?.parcel?.https - // actionConfig.strictMode = runOptions.strictMode + actionConfig.strictMode = runOptions.strictMode === true serveLogger.debug('hasBackend', hasBackend) serveLogger.debug('hasFrontend', hasFrontend) @@ -497,7 +497,6 @@ async function serveWebAction (req, res, actionConfig, distFolder, actionLoader distFolder, contextActionLoader: actionLoader } - console.log('actionConfig.strictMode =', actionConfig.strictMode) if (invoker && !sequence && !actionConfig.strictMode) { if (!isWebAction(contextItem)) { actionLogger.warn('serving non-web action : this call will fail without credentials when deployed.')