You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running a publicly accessible site in dev or test mode is a very bad idea and we want to ensure that no-one does it. Right now, it happens sometimes, which means that it's too easy to do.
Although SilverStripe is extremely flexible and there's no way to guarantee that this warning appears in all circumstances, it's much more important that the warning banner shows on default configurations, since people who have installed the default are going to be much more likely to be those who leave their site in dev mode.
So, this could take a few forms:
A warning banner on the CMS
A warning banner on the published website
And perhaps it can be suppressed in some situations, e.g.:
If the hostname is "localhost"
If the hostname matches other pattern, such as ".localhost" or ".local"
A configuration option to indicate the dev-appropriate hostname (if the above doesn't cover a case)
A configuration option to disable the dev warning altogether
The importance of such suppression depends on how invasive it is. Perhaps it can be elegant enough that it is okay to leave on all dev sites. For example, a session-cookie to hide it would be much less distracting, and/or a persistent cookie that minimised it to an icon or something.
Yes, the 4th one could be used to render this change pointless, but the goal is to make it hard to accidentally leave the site in dev mode.
The text was updated successfully, but these errors were encountered:
Agree with Sam's suggestions. The wording would need to reflect the exceptions mentioned here, something like:
This site is in "dev mode" on a non-development domain (localhost, *.local). If it is accessible without authentication, this might pose a security risk. Please read environment types for details.
This will only achieve partial coverage, e.g. doesn't work for SPAs which use SilverStripe through APIs.
Do we also want this in test mode? This seems like a more common use case, sites are supposed to be used in test mode by authors on UAT environments etc. Maybe something less obtrusive?
@clarkepaul Can you put this in your UX backlog please? It needs to be pretty visible, which might or might not take the form of a banner. We've improved the version display panel in the CMS, maybe it fits somewhere around there?
Running a publicly accessible site in dev or test mode is a very bad idea and we want to ensure that no-one does it. Right now, it happens sometimes, which means that it's too easy to do.
Although SilverStripe is extremely flexible and there's no way to guarantee that this warning appears in all circumstances, it's much more important that the warning banner shows on default configurations, since people who have installed the default are going to be much more likely to be those who leave their site in dev mode.
So, this could take a few forms:
And perhaps it can be suppressed in some situations, e.g.:
The importance of such suppression depends on how invasive it is. Perhaps it can be elegant enough that it is okay to leave on all dev sites. For example, a session-cookie to hide it would be much less distracting, and/or a persistent cookie that minimised it to an icon or something.
Yes, the 4th one could be used to render this change pointless, but the goal is to make it hard to accidentally leave the site in dev mode.
The text was updated successfully, but these errors were encountered: