-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssr-manifest.json and ssrContext disclose folder structure present in the source code #3303
Comments
This is actually not the case. By design, Vite does things properly in that regard. Maybe you found a bug, but I couldn't reproduce it; moving the root folder around in my FS doesn't break things.
If you don't want to expose the structure of your source code, simply don't make it public. No one forces you to make your manifest files public. As far as I'm concerned there is no issue here. |
There are plenty of cases where the resulting files of the build are meant to be a deliverable but not the source code. I believe you and I will not be able to find common ground in this matter so I'll let the people responsible for reviewing the PR of this software to decide. Did you have the opportunity to take a look at the example I provided in the PR? It solves the use case put forward in #2282 (preload links in dev mode ssr) and is not hindered by #3315. git clone https://github.com/ferdinando-ferreira/vite.git --single-branch -b before-merge before-merge
cd before-merge
yarn
yarn build
cd packages/playground/ssr-vue
yarn dev The relevant change is let preloadLinks = ''
let idToCode = {}
let manifest
if (isProd) {
manifest = prodManifest
} else {
function requireFromString(src) {
var Module = module.constructor
var m = new Module()
m._compile(src, '')
return m.exports
}
const manifestIdToModule = {}
vite.moduleGraph.idToModuleMap.forEach((module) => {
manifestIdToModule[module.id] = module
if (/.css$/.test(module.id)) {
if (module.transformResult?.code) {
const found = module.transformResult.code
.split(/\r?\n/)
.filter((line) => /^const css/.test(line))
if (found) {
idToCode[module.id] = requireFromString(
found[0] + '\nmodule.exports = css'
)
}
}
}
})
const devManifest = {}
Array.from(modules).forEach((moduleId) => {
devManifest[moduleId] = Array.from(
manifestIdToModule[moduleId].importedModules
).map((module) => module.id)
})
manifest = devManifest
}
preloadLinks = renderPreloadLinks(modules, manifest, isProd, idToCode) That reads the correct data structure for the use case you are trying to solve (that being Did you have the opportunity to review it? |
* fix(ssr): normalize manifest filenames Fixes #3303 * fix(ssr): normalize manifest filenames
This issue gets locked because it has been closed for more than 14 days. |
* fix(ssr): normalize manifest filenames Fixes vitejs#3303 * fix(ssr): normalize manifest filenames
Describe the bug
In a ssr build, ssr-manifest.json and ssrContext (in the
dist/server/entry-server.js
file), will contain the complete filenames (including the folder structure) present in the source code. This causes two problems:Submitted #3315 as a comprehensive fix
Reproduction
Two files will contain complete paths from the source code:
System Info
Output of
npx envinfo --system --npmPackages vite,@vitejs/plugin-vue --binaries --browsers
:Used package manager:
yarn
Logs
N/A
Other comments
Here is a "naive" solution for the root causeEDIT: Sent a #3315 as a more robust implementation that solves both the "leak" and the determinism issues.
Before submitting the issue, please make sure you do the following
The text was updated successfully, but these errors were encountered: