Skip to content

docs: add warning about deploying devServer to prod environment #7203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
unlikelyzero merged 2 commits into from
Nov 7, 2023
Merged

docs: add warning about deploying devServer to prod environment #7203

unlikelyzero merged 2 commits into from
Nov 7, 2023

Conversation

@ozyx
Copy link
Contributor

@ozyx ozyx commented Nov 6, 2023
edited
Loading

Closes #7204

Describe your changes:

Adds a note in our docs to warn against deploying devServer to production as it can potentially expose vulnerabilities. Open MCT should be used as a dependency only and each consumers server should be configured accordingly.

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Is this change backwards compatible? For example, developers won't need to change how they are calling the API or how they've extended core plugins such as Tables or Plots.

Author Checklist

  • Changes address original issue?
  • Tests included and/or updated with changes?
  • Command line build passes?
  • Has this been smoke tested?
  • Testing instructions included in associated issue OR is this a dependency/testcase change?

Reviewer Checklist

  • Changes appear to address issue?
  • Reviewer has tested changes by following the provided instructions?
  • Changes appear not to be breaking changes?
  • Appropriate automated tests included?
  • Code style and in-line documentation are appropriate?
  • Has associated issue been labelled unverified? (only applicable if this PR closes the issue)
  • Has associated issue been labelled bug? (only applicable if this PR is for a bug fix)

@ozyx ozyx added the type:docs updates to documentation label Nov 6, 2023
@ozyx ozyx added this to the Target:3.1.1 milestone Nov 6, 2023
@ozyx ozyx requested a review from unlikelyzero November 6, 2023 17:29
@deploysentinel
Copy link

deploysentinel bot commented Nov 6, 2023
edited
Loading

Current Playwright Test Results Summary

✅ 14 Passing - ⚠️ 1 Flaky

Run may still be in progress, this comment will be updated as current testing workflow or job completes...

(Last updated on 11/06/2023 05:39:22pm UTC)

Run Details

Running Workflow e2e-couchdb on Github Actions

Commit: 12b9276

Started: 11/06/2023 05:32:26pm UTC

⚠️ Flakes

📄   functional/plugins/notebook/notebookWithCouchDB.e2e.spec.js • 1 Flake

Test Case Results

Test Case Last 7 days Failures Last 7 days Flakes
Notebook Tests with CouchDB @couchdb Inspect Notebook Entry Network Requests
Retry 1Initial Attempt
0% (0) 0 / 47 runs
failed over last 7 days
6.38% (3) 3 / 47 runs
flaked over last 7 days

View Detailed Build Results

Current Playwright Test Results Summary

✅ 152 Passing - ⚠️ 4 Flaky

Run may still be in progress, this comment will be updated as current testing workflow or job completes...

(Last updated on 11/06/2023 05:39:22pm UTC)

Run Details

Running Job e2e-stable on CircleCI

Commit: 12b9276

Started: 11/06/2023 05:32:04pm UTC

⚠️ Flakes

📄   functional/plugins/telemetryTable/telemetryTable.e2e.spec.js • 1 Flake

Test Case Results

Test Case Last 7 days Failures Last 7 days Flakes
Telemetry Table unpauses and filters data when paused by button and user changes bounds
Retry 1Initial Attempt
0% (0) 0 / 106 runs
failed over last 7 days
11.32% (12) 12 / 106 runs
flaked over last 7 days
📄   functional/plugins/imagery/exampleImagery.e2e.spec.js • 1 Flake

Test Case Results

Test Case Last 7 days Failures Last 7 days Flakes
Example Imagery in Display Layout View Large action leaves keeps realtime mode paused
Retry 1Initial Attempt
0% (0) 0 / 107 runs
failed over last 7 days
3.74% (4) 4 / 107 runs
flaked over last 7 days
📄   functional/plugins/plot/logPlot.e2e.spec.js • 1 Flake

Test Case Results

Test Case Last 7 days Failures Last 7 days Flakes
Log plot tests Log Plot ticks are functionally correct in regular and log mode and after refresh
Retry 1Initial Attempt
0% (0) 0 / 100 runs
failed over last 7 days
46% (46) 46 / 100 runs
flaked over last 7 days
📄   functional/plugins/notebook/notebookSnapshots.e2e.spec.js • 1 Flake

Test Case Results

Test Case Last 7 days Failures Last 7 days Flakes
Snapshot image tests Can drop an image onto a notebook and create a new entry
Retry 1Initial Attempt
2.80% (3) 3 / 107 runs
failed over last 7 days
68.22% (73) 73 / 107 runs
flaked over last 7 days

View Detailed Build Results

@codecov
Copy link

codecov bot commented Nov 6, 2023
edited
Loading

Codecov Report

Merging #7203 (12b9276) into master (8e7c020) will decrease coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7203      +/-   ##
==========================================
- Coverage   56.01%   55.99%   -0.02%     
==========================================
  Files         652      652              
  Lines       26187    26187              
  Branches     2524     2524              
==========================================
- Hits        14669    14664       -5     
- Misses      10820    10823       +3     
- Partials      698      700       +2
Flag Coverage Δ *Carryforward flag
e2e-full 41.82% <ø> (ø) Carriedforward from 8e7c020
e2e-stable 58.00% <ø> (+0.04%) ⬆️
unit 49.39% <ø> (-0.05%) ⬇️

*This pull request uses carry forward flags. Click here to find out more.

see 11 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8e7c020...12b9276. Read the comment docs.

unlikelyzero
unlikelyzero suggested changes Nov 6, 2023
View reviewed changes
Copy link
Contributor

@unlikelyzero unlikelyzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's update our warning about this to reference using nginx/apache. We should then use this to reference openmct-quickstart as an example of a production deployment

@ozyx
Copy link
Contributor Author

ozyx commented Nov 6, 2023

Let's update our warning about this to reference using nginx/apache. We should then use this to reference openmct-quickstart as an example of a production deployment

Good call. Let's sync and figure out what we want to convery wrt nginx/apache/etc. Agree this is a great place to plug openmct-quickstart

@unlikelyzero
Copy link
Contributor

unlikelyzero commented Nov 6, 2023

@ozyx let's update this #7111

@unlikelyzero unlikelyzero merged commit a64faae into master Nov 7, 2023
@unlikelyzero unlikelyzero deleted the add-devserver-note-to-docs branch November 7, 2023 00:12
ozyx added a commit that referenced this pull request Nov 14, 2023
@ozyx
cherry-pick(#7203): docs: add warning about deploying devServer to pr…
f3423f9 
…od environment

* docs: add warning about using dev server in
production environment

* docs: fix formatting
shefalijoshi pushed a commit that referenced this pull request Nov 14, 2023
@ozyx
cherry-pick(#7203): docs: add warning about deploying devServer to pr…
d40204e 
…od environment (#7237)

* docs: add warning about using dev server in
production environment

* docs: fix formatting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@unlikelyzero unlikelyzero unlikelyzero requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

type:docs updates to documentation

Projects

None yet

Milestone

Target:3.2.0

Development

Successfully merging this pull request may close these issues.

docs: add warning about using devServer in prod environment

3 participants

@ozyx @unlikelyzero