I’m publishing an app created using the ASP.NET Core React.js template to Azure App Service. However, after publishing, I can see all the source code in the browser without any obfuscation or other protective measures. I haven’t made any changes to the settings, as it’s a pure code from the template.
Does anyone know what’s going on and what I’m doing wrong? Thanks in advance!
I have read the documentation from Microsoft and have tried searching for a solution to the problem, but nothing has helped so far.
2
Answers
I found the answer to my question and thank you all for your answers.
The problem was in the 'js map' files. To solve the problem, you just need to add
GENERATE_SOURCEMAP=falseto your .env file.For more information, you can read this article : https://izhan-yameen25.medium.com/protect-your-react-js-source-code-in-production-build-e6b408003817
Javascript is a language that is run on the client, so the code will be visible, however there are ways to bundle and minify the code so its smaller in size, which increases performance, this also obfuscates the code to a degree, but the code will always be available somehow.
see more on bundling and minification here:
https://learn.microsoft.com/en-us/aspnet/core/client-side/bundling-and-minification?view=aspnetcore-7.0