First we are using an older version of ember for a store project. In that project we wrote an add-on (was going to be shared) that we use as a cart. We have a dummy app that we flushed out for the add on which looking at the addon is standard to be included (can you tell I am not the original author).
The issue comes in that the dummy app has a redirect HTML file with a postMessage that is wide open and security flagged this as a vulnerability. I can probably change that to lock down to the referrer and hope that does not break the dummy app.
However I am wondering why the dummy app is being deployed when we include the add on in the parent application anyway. I understand including it when we are running in development mode, maybe on a test line deployed, but full on production. So is there a way to safely remove deployment of this app say based on a configuration during building the parent app so we could possibly support a test line?