Security through obscurity is not security. I see no reason why source maps should be unavailable.
Because source maps show how shitty your organization’s code and overall engineering practices are.
depends.
If we’re talking about a personal website, nobody will care. If you are a multibillion company and there’s the risk that literally anyone can create a 1:1 clone of your services… yeah, that’s a bit of trouble.
Omitting source maps doesn’t prevent that.
No, it doesn’t, and I am very aware that if anything runs on someone’s computer then it can get replicated. But it gets slightly harder, also to reverse-engineer it or find potential fallacies. As well, source maps on prod are just a waste of bandwidth.
Dunno, this “harder” argument, while valid, sounds just like false security. That’s why I don’t see much weight in it.
As for bandwidth, source maps are not automatically pulled from the server, so it also seems like a false issue to me.
No, but it’s a sensible security measure. Anything to make it harder.
That’s the thing, it’s not actually a security measure. Security through obscurity is not security. It can provide a false security impression that is more harmful in my opinion.
Having source maps can encourage proper security practices. Which, in my books, very much outweighs any security benefits of hiding them.
Payload size
It was mentioned before. A source map is a comment with a URL. It’s not pulled automatically unless the client has devtools and supports that. It doesn’t meaningfully increase the size of the site for normal users.
Eh, true. It does clean up the payload, but I agree it’s marginal.
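An added example, not written by anyone in the thread: a Node.js check of what a bundle actually ships for its source map, which is the byte cost the payload argument turns on. It goes slightly beyond the thread by also handling inline `data:` URI maps, where the whole map does travel inside the bundle; the function name and both sample bundles are constructed for illustration.

```javascript
// Hypothetical helper: report how a JS bundle references its source map.
function inspectSourceMapRef(bundleText) {
  // The reference is a line comment: //# sourceMappingURL=<url> (legacy form: //@).
  const re = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/gm;
  let match;
  let last = null;
  while ((match = re.exec(bundleText)) !== null) last = match; // the last one wins
  if (!last) return { kind: "none", commentBytes: 0, inlineMapBytes: 0 };

  const url = last[1];
  const commentBytes = Buffer.byteLength(last[0].trimEnd(), "utf8");

  if (url.startsWith("data:")) {
    // Inline map: the full map is embedded in the bundle every user downloads.
    const comma = url.indexOf(",");
    const meta = url.slice(5, comma);
    const payload = url.slice(comma + 1);
    const decoded = meta.includes(";base64")
      ? Buffer.from(payload, "base64")
      : Buffer.from(decodeURIComponent(payload), "utf8");
    return { kind: "inline", commentBytes, inlineMapBytes: decoded.length };
  }
  // External map: only the comment is shipped; the map is a separate request.
  return { kind: "external", url, commentBytes, inlineMapBytes: 0 };
}

// Constructed sample input (not taken from any real site).
const SAMPLE_MAP_JSON = JSON.stringify({
  version: 3,
  sources: ["src/app.js"],
  sourcesContent: ["const answer = 42;\nconsole.log(answer);\n"],
  mappings: "",
});
const EXTERNAL_BUNDLE =
  "const a=42;console.log(a);\n//# sourceMappingURL=app.min.js.map\n";
const INLINE_BUNDLE =
  "const a=42;console.log(a);\n//# sourceMappingURL=data:application/json;base64," +
  Buffer.from(SAMPLE_MAP_JSON, "utf8").toString("base64") + "\n";
const STRIPPED_BUNDLE = "const a=42;console.log(a);\n";

for (const [name, text] of [
  ["external", EXTERNAL_BUNDLE],
  ["inline", INLINE_BUNDLE],
  ["stripped", STRIPPED_BUNDLE],
]) {
  console.log(name, inspectSourceMapRef(text));
}
```

Run against real build output, an `inline` result on a production bundle is the case where the map adds to every visitor's download; an `external` result costs only the comment line.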