isServer blocks are sent to client - could the building process remove them?

gsabran · March 10, 2016, 7:14pm

Not sure where the best place to post this is:
I’ve noticed that the isServer blocks are sent to the client with the rest of the code. Is there a reason for doing this I’m missing other than it’d be complicated to gets rid of them for client code? (which is a very good reason given that MDG has to prioritize where to put time and efforts)
It sounds like this would only be beneficial, reducing the size of the code sent to the client.

hwillson · March 10, 2016, 7:21pm

This is by design. If you have server code you don’t want sent to the client, store it under a server directory (see the Special Directories section of the docs).

gsabran · March 10, 2016, 7:23pm

Yeah I’ve been doing that for the main parts. But sometimes it’s easier to look at your code with the server code in the same file. What are the reasons behind this design? Are those blocks of any use in the client?

Peppe_LG · March 10, 2016, 7:25pm

I can’t see any reason why applying constant folding and dead code elimination wouldn’t work. However, while developing/debugging an app, you probably want the source code to be precisely the way you’ve written it, so it makes sense that it’s not implemented here. Are you sure it’s not applied when you build your application for production? Because it would make sense to have it applied in this process.

gsabran · March 10, 2016, 7:31pm

Ah that may be it. I’m using the excellent meteor up to build the production version, but left the "NODE_ENV" var to "development" for a better React debugging (I’m was error logs like Minified exception occurred; use the non-minified dev environment for the full error message for react errors, which is not very helpful, so I set up this env var. That being said, I’m not sure how/if it’s used because 1) I still gets those logs and 2) the js code is minified etc. But that might be a thing with dead code not being removed if it is supposed to be in production) I’ll try to remove that and see how it goes

hwillson · March 10, 2016, 7:36pm

isServer blocks will still be sent to the client in production mode. Both the Guide and the docs warn of this:

From the Guide’s Secret server code section:

Keep in mind that code inside if (Meteor.isServer) blocks is still sent to the client, it is just not executed. So don’t put any secret code in there.

From the docs:

Meteor.isServer can be used to limit where code runs, but it does not prevent code from being sent to the client. Any sensitive code that you don’t want served to the client, such as code containing passwords or authentication mechanisms, should be kept in the server directory.

hwillson · March 10, 2016, 7:47pm

And just to add - the webpack:webpack package will strip isServer blocks from the client.

sashko · March 10, 2016, 8:59pm

Here’s the relevant GitHub issue:

gsabran · March 11, 2016, 8:12am

Thanks for pointing to the issue!