-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
read env vars from next.config.js #3128
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
8 Ignored Deployments
|
Current dependencies on/for this PR:
This comment was auto-generated by Graphite. |
586f141
to
c72eea5
Compare
2d7e043
to
bee856c
Compare
d77177d
to
842604d
Compare
bee856c
to
e3eac6b
Compare
crates/next-core/src/env.rs
Outdated
for (var, val) in next_config.env.iter() { | ||
map.insert(var.clone(), val.clone()); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is happening post encoding (via the EmbeddableProcessEnvVc
), which means a { env: "alert('XSS')" }
injects live code and will actually alert the user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, fixed
e3eac6b
to
91c0cf2
Compare
🟢 CI successful 🟢Thanks |
91c0cf2
to
7d865b1
Compare
7d865b1
to
d7986a6
Compare
d7986a6
to
7fd145a
Compare
Benchmark for cfe5756Click to view benchmark
|
No description provided.