Exposed Livewire code
When I install Filament in my Laravel project, the Livewire source code is exposed in the debugger in Firefox. Is there any way to minify this code or hide it?
18 Replies
Does it matter? The debugger shouldn’t be active in production.
My application went through a pentest audit, and they asked to minify this part.
How do I deactivate?
Deactivate what? What debugger are you using that isn’t tied to the environment?
In production the debugger should be null and void. In that environment the app should be throwing exceptions that are either collected in logs or a 3rd party service like Sentry.
My project is in production, and I can see the files this way.
And when it's local on my development machine it doesn't appear!
Sorry, I don’t understand what the problem is.
Discover the problem.
If I put it in my .env
APP_DEBUG=false
I can view the Livewire files in the Firefox debugger.
If I put
APP_DEBUG=true
The Livewire files are not exposed in the Firefox debugger.
It's the other way around!
Did you understand?
This happened after I installed Filament.
Livewire makes Ajax requests to the server. This isn’t a Filament thing. Sorry, but I’m still not seeing the issue.
Because the Livewire files are available to see in the Firefox browser when I click on inspect > debugger when my environment variable is APP_DEBUG=false, and when I change my environment variable to APP_DEBUG=true I can no longer see these files.
The correct thing to do was not to be exposed when the environment variable APP_DEBUG=false
Is it a Livewire problem?
Sorry. Not following. The Livewire scripts will be visible just like any other JS script. I just don’t understand what the problem is.
Definitely not a Filament issue though.
I understood your position. However, I don't understand why the Livewire scripts are not visible when APP_DEBUG=true.
Wasn't it supposed to be the other way around?
The Livewire JavaScript files are always visible. Your browser needs them. I don't think "security" through minifying frontend assets is a real security enhancement. You can just beautify the code again. With the help of AI you can even get some meaningful names again.
Got it, my question now is why the code is exposed when app_debug=false, and when app_debug=true it is not exposed. Shouldn't this behavior be the other way around?
I don't know. I never looked into this and it's coming from Livewire directly.
Got it, I'll contact Livewire support. Thanks for the help.