Exposed livewire code

When I install filament in my laravel project, the livewire source code is exposed in the debugger in firefox. Is there any way to minify this code or hide it?
No description
18 Replies
awcodes
awcodes3mo ago
Does it matter? The debugger shouldn’t be active in production.
Leonardy
Leonardy3mo ago
My application went through a pentest audit, they asked to minify this part How do I deactivate?
awcodes
awcodes3mo ago
Deactivate what. What debugger are you using that isn’t tied to the environment? In production the debugger should be null and void. In that environment the app should be throwing exceptions that are either collected in logs or a 3rd party service like sentry.
Leonardy
Leonardy3mo ago
My project is in production. And I can see the files this way And when it's local on my development machine it doesn't appear!
Leonardy
Leonardy3mo ago
No description
awcodes
awcodes3mo ago
Sorry, I don’t understand what the problem is.
Leonardy
Leonardy3mo ago
Discover the problem. If I put it in my .env APP_DEBUG=false I can view the livewire files in the Firefox debugger
No description
Leonardy
Leonardy3mo ago
If I put APP_DEBUG=true The livewire files are not exposed in the Firefox debugger. It's the other way around!
Leonardy
Leonardy3mo ago
No description
Leonardy
Leonardy3mo ago
Did you understand? This happened after I installed the filament
awcodes
awcodes3mo ago
Livewire makes Ajax requests to the server. This isn’t a filament thing. Sorry but I’m still not seeing the issue.
Leonardy
Leonardy3mo ago
Because the livewire files are available to see in the Firefox browser when I click on inspect > debugger when my environment variable APP_DEBUG=false and when I change my environment variable to APP_DEBUG=true and I can no longer see these files. The correct thing to do was not to be exposed when the environment variable APP_DEBUG=false Is it a livewire problem?
awcodes
awcodes3mo ago
Sorry. Not following. The livewire scripts will be visible just like any other js script. I just don’t understand what the problem is. Definitely not a filament issue though.
Leonardy
Leonardy3mo ago
I understood your position. However, I don't understand why the livewire scripts are not visible when APP_DEBUG=true. Wasn't it supposed to be the other way around?
Dennis Koch
Dennis Koch3mo ago
The Livewire Javascript files are always visible. Your browser needs them. I don't think "security" through minifying frontend assets is no real security enhancement. You can just beautify the code again. With help of AI you even can get some meaningful names again.
Leonardy
Leonardy3mo ago
Got it, my question now is why the code is exposed when app_debug=false. and when app_debug=true it is not exposed. Shouldn't this behavior be the other way around?
Dennis Koch
Dennis Koch3mo ago
I don't know. I never looked into this and it's coming from Livewire directly
Leonardy
Leonardy3mo ago
Got it, I'll contact livewire support. Thanks for the help
Want results from more Discord servers?
Add your server