Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow STORYBOOK as env var #1724

Closed
snake-py opened this issue Jul 1, 2024 · 7 comments
Closed

Allow STORYBOOK as env var #1724

snake-py opened this issue Jul 1, 2024 · 7 comments
Labels
enhancement ✨ New feature or request

Comments

@snake-py
Copy link

snake-py commented Jul 1, 2024

Description

I am getting this error here:

error during build:
[vike:envVars] [vike][Wrong Usage] import.meta.env.STORYBOOK is used in client-side file /src/sentry/translation/utils.ts which means that the environment variable STORYBOOK will be included in client-side bundles and, therefore, STORYBOOK will be publicly exposed which can be a security leak. Use import.meta.env.STORYBOOK only in server-side files, or rename STORYBOOK to PUBLIC_ENV__STORYBOOK, see https://vike.dev/env
file: /Users/workdigital/work/hybrid-app/frontend2.0/src/sentry/translation/utils.ts
    at /Users/workdigital/work/hybrid-app/frontend2.0/node_modules/vike/dist/cjs/node/plugin/plugins/envVars.js:50:56
    at Array.forEach (<anonymous>)
    at Object.transform (/Users/workdigital/work/hybrid-app/frontend2.0/node_modules/vike/dist/cjs/node/plugin/plugins/envVars.js:36:18)
    at file:///Users/workdigital/work/hybrid-app/frontend2.0/node_modules/rollup/dist/es/shared/node-entry.js:19774:40

I know of the common prefix, however STORYBOOK is injected by the lib itself and I rather not make my own set up to detect if I run in storybook.
@brillout brillout added enhancement ✨ New feature or request and removed bug 💥 labels Jul 2, 2024
@brillout
Copy link
Member

brillout commented Jul 2, 2024

How about this:

  • We whitelist STORYBOOK
  • We create a new config env.public.

WDYT?

@snake-py
Copy link
Author

snake-py commented Jul 2, 2024

@brillout - so basically all envs in .env.public are available everywhere? And STorybook gets a whitelabled everywhere as well?

I mean this would solve this. For me it would be enough to whitelist STORYBOOK

@brillout
Copy link
Member

brillout commented Jul 2, 2024

I meant that STORYBOOK is always available on the client-side. (I.e. treating STORYBOOK as if it were prefixed with PUBLIC_ENV__.)

all envs in .env.public are available everywhere?

Is that a common practice? I ain't familiar with it. I'm slightly reluctant to have a .env.public as it makes it a little easier to mistakenly leak secrets.

@snake-py
Copy link
Author

snake-py commented Jul 2, 2024

@brillout I have seen people do this yes. But I have no fixed way of doing this. I mostly adjust to what the framework wants me to do. I just wasn't sure what you meant by adding a new config env.public

We create a new config env.public.

@brillout
Copy link
Member

brillout commented Jul 2, 2024

Ah, I see. I meant a new Vike setting:

// vike.config.js

export default {
  env: { public: ['STORYBOOK'] }
}

(The vike.config.js file is work-in-progress.)

As for .env.public, I'll think about it. In the meantime I'll whitelist STORYBOOK. ETA today.

@snake-py
Copy link
Author

snake-py commented Jul 2, 2024

Okay thank you!

@brillout brillout mentioned this issue Jul 2, 2024
Open
@brillout
Copy link
Member

brillout commented Jul 2, 2024

Pre-released as 0.4.177-commit-51d612a.

As for the rest, closing in favor of #1726.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement ✨ New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brillout @snake-py