New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Able to view the whole source code in the production build when I run it locally using pushstate-server #1632

Closed
reznord opened this Issue Feb 24, 2017 · 2 comments

Comments

Projects
None yet
2 participants
@reznord

reznord commented Feb 24, 2017

Able to view the whole source code of the project in the chrome debugger when running the build using pushstate-server. Not sure whether this is a known issue or an expected behavior.

NOTE:

I haven't ejected the project.

Steps to reproduce:

  • Initialize a project with CRA create-react-app testApp
  • Run yarn run build to bundle the project
  • Deploy the build using pushstate-server using pushstate-server build
  • Go to localhost:9000 and go to sources in chrome debugger.

Now go to sources and see the following path top -> webpack:// -> . -> src.

Actual Behavior

Here you can see the whole code of the project in the production build.

Expected Behavior

The source code is not supposed to be exposed in the production build.

Discussion

Can anyone confirm whether this is a bug or just an expected behavior.

The following image shows the code when I deployed the project locally using pushstate-server

screen shot 2017-02-24 at 4 10 35 pm

@gaearon

This comment has been minimized.

Show comment
Hide comment
@gaearon

gaearon Feb 24, 2017

Member

This is expected. You can delete .map files from the build output if you want to disable it, although you'll get console warnings about them missing.

There is no harm in leaving them in though in my opinion. Client code is already available to the user’s machine so there’s no secrets in it.

Member

gaearon commented Feb 24, 2017

This is expected. You can delete .map files from the build output if you want to disable it, although you'll get console warnings about them missing.

There is no harm in leaving them in though in my opinion. Client code is already available to the user’s machine so there’s no secrets in it.

@gaearon gaearon closed this Feb 24, 2017

@reznord

This comment has been minimized.

Show comment
Hide comment
@reznord

reznord Feb 24, 2017

Just wanted to know, thanks for the clarification @gaearon

reznord commented Feb 24, 2017

Just wanted to know, thanks for the clarification @gaearon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment