[server] demoapp status
telliott at mozilla.com
Mon Oct 10 11:09:36 PDT 2011
On Oct 10, 2011, at 10:56 AM, Tarek Ziade wrote:
> On 10/10/2011 07:10 PM, Toby Elliott wrote:
>> Looks good. I like the readability of the api decorator.
>> On Oct 8, 2011, at 10:13 AM, Tarek Ziade wrote:
>>> I've reworked a little bit demoapp and added :
>>> - the config files we had previously (accessible as a config object via the request object)
>>> - the __heartbeat__
>>> - a __apidocs__ page that displays a list of webservices the application contains
>>> - a __config__ page to display the config file(s)
>> Please make extra sure this is off by default and only accessible if you set a very specific conf variable and do a little rain
> the flag to toggle them on will be on by default in a dev. environment, and deactivated at two levels in prod, like what we have right now, which is:
> - an nginx rule that prevents access to /__<anything> (I think it's specifically __debug__ + __heartbeat__ right now)
> - the flag removed, defaulting to not activated.
> The Pyramid debug bar is already removed in production.ini by default btw
I'm not worried about production. I'm worried about someone installing the server externally. They should have to explicitly enable the config page (accompanied by a scary warning in the config file). What are the odds that an external deployer will be in dev mode without realizing it? If zero, then I'm happy.
> So, when you code you have to think about this and maybe move around functions, which can be annoying. An explicit list solves this.
Yeah, I think that's an acceptable tradeoff for this.
More information about the Services-dev