I would like to debug production website, but I don't want to upload the map file on the server (for privacy reason, because it is public right ?).
Is it possible ?
1
-
3What are your privacy concerns for the map file, considering all of the JavaScript code is public, anyways?jeffjenx– jeffjenx2013-04-02 16:42:11 +00:00Commented Apr 2, 2013 at 16:42
Add a comment
|
4 Answers
I don't believe any browsers currently allow loading source maps ondemand from local files, so you have to put the sourcemaps online somehow.
One solution could be to create a .htaccess file (or something similar, if you aren't using Apache) that restricts access to the sourcemap (and the original source files) to clients that aren't from your local network.
You should realize though, that if you want to prevent access to the sourcemaps for security reasons, then all you will achieve is a false sense of safety. Javascript is public, and even if it is minified and encrypted, it is fairly easy to unencrypt it. Do not put any sensitive data in your javascript. Not even if you minify and encrypt it.
3 Comments
Useless Code
It won't run if it is encrypted, I think you mean obfuscated?
AHM
Obfuscation, of course, could be unraveled just by passing the code through a beautifier, but I guess my point is that no matter what you would think of, you would still be sending all your code and data to the client. So, even if you create some kind of amazing encryption scheme, you would still need to send the means to unencrypt it to the client because, as you say, otherwise the client won't be able to run it. All an attacker would have to do is put a breakpoint in sometime after the 'secret' data have been unencrypted.
caesay
It's not really about hiding sensitive data, it's about raising the effort required to rip off your functionality.
Following might be useful for you
Multi-level Source Maps - The CSS Ninja
The link also explains using UglifyJS2 with which an input source map can be specified. However, I have not tested with a local input source
Also, you can try hosting the file on local and changing your hosts file to point something like local.mydomain.com to localhost. And then specify local.mydomain.com/js/my-orig-js-file.js as the Source Root
Comments
Chrome supports adding local source map files as soon as they are accessible via http(s).
The first think is to use a localhost static server like 'serve' to serve your map files.
you can use: serve -s mapDirectory command to create a localhost web server that serves the map files you want.
Then:
- Open devtools,
- Open the sources tab and find the minified js file you want to add the source map.
- Click on the js file you want to debug and on the editor side right click and select add source map.
- Add the localhost url where the map file is
More information with video on how to do this can be found here: https://developer.chrome.com/docs/devtools/javascript/source-maps
Comments
Another solution is to upload the map file and the minified js on the server and keep the original js file locally. Then modify your map file in something like this:
{
"version":3,
"sources":["http://localhost/library.js"],
"names":["example","console","log"],
"mappings":"AAAA,QAASA,YACRC,QAAQC,IAAI","file":"script.min.js"
}
