Disable sourcemaps for production build by default in startertemplate

Created on 3 October 2023, almost 2 years ago

Problem/Motivation

The started template will include sourcemaps containing eval() statements to the production build when used as shipped in this module. I think disabling sourcemaps using devtool: false would make more sense as the default in the webpack config. If someone needs devtools, they can enable it intentionally.

The main reason for this aside the fact that production builds shouldn't contain sourcemaps is, that builds containing such sourcemaps with eval() statements break ckeditor5 on sites sending a Content Security Policy header.

Steps to reproduce

Ensure your site sends the Content Security Policy header containing unsafe-inline in the value
Compile a plugin using the starter template and enable it

Result: ckeditor5 breaks.

Proposed resolution

Add devtool: false to the webpack config of the starter template.

🐛 Bug report

Status

Needs review

Version

1.0

Component

Code

Created by

s_leu

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @s_leu
Comment almost 2 years ago →
s_leu
@s_leu opened merge request.
Status changed to Needs review almost 2 years ago6:39am 3 October 2023
Comment almost 2 years ago →
s_leu
Btw. would be nice to have some style loader in the shipped webpack config too, but that's probably another issue of its own.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024