I think that everyone of you knows that with Dynamics 365 Business Central extensions your code is by default protected against downloading or debugging. For managing this, in the extension’s app.json file there’s a property called showMyCode that allows the code to be debugged from other extensions when it has been published. The default setting is false and this means that debugging into an extension or going to definition to view the code is not allowed.
If you use showMyCode = true, an extension source will be available both for debug, download (PTEs), and in symbols. This is the reason why many partners uses the default false value but this choice has the effect to also prohibiting debug and so leading to longer times to mitigate customer issues, and challenges with providing alternatives for debugging a source.
Now some things change in Dynamics 365 Business Central version 19. When creating an extension that targets v19 (starting from the public preview available from today), you will start receiving a new warning:
What does that mean?
Starting from Dynamics 365 Business Central 2021 Wave 2 (version 19) you can specify a policy for exposing your source code to other extensions. You can do that by using the new resourceExposurePolicy property, that defines the accessibility of the resources and source code during different operations.
Inside this property, you can specify the following options:
- allowDebugging: Allows the code to be debugged from other extensions when it has been published. The default setting is false.
- allowDownloadingSource: Allows the source code to be downloaded. The default setting is false.
- includeSourceInSymbolFile: Includes the source code in the symbol package. The default setting is false.
To define a resource exposure policy, you can write something like in the following example:
This permits you to define with a fine granularity how to protect your IP and what to expose for debugging to other extensions. Now the life could be better…
Stefano Demiliani 
Would Code Coverage work again? Now, it just crashes.
LikeLike
There will be something new soon…
LikeLike
In my docker based dev environment even if specify allowDownloadingSource to false, still able to download source code from extension management. Is there an issue?
“resourceExposurePolicy”: {
“allowDebugging”: true,
“allowDownloadingSource”: false,
“includeSourceInSymbolFile”: false
},
LikeLike
Not sure it’s yet supported on Docker. Please also check to not have also ShowMyCode property listed in your app.json file.
LikeLike
Yes I have removed ShowMyCode property. Hope that just not supported on Docker as you mentioned. ThankU Stefano.
LikeLike