Imagine I have an app which has a heavy admin interface with so many cool features, and a simple user interface, like one button. I know I can restrict access to my URLs (components) based on something (key, hash or whatever). What I want to achieve is: if the backend decides I am a regular user, it sends only a small app (with only one component with a button, for example) and the user does not receive all the heavy component code (for the whole site's features). So he will not be able to analyse my admin JavaScript. If the backend decides I'm staff, the front end should receive all necessary components for staff. If I'm admin, I should receive all components.
The question is:
The general pattern is to send the whole bundled JS file (you can obfuscate it, minify it, etc.), but it will still include the templates and code you've implemented. For most cases it's not a problem because there is really no sensitive data. The point is to properly secure the REST API endpoints.
You can use e.g. webpack or any other bundling system that allows you to create separate bundles and loads the proper chunk of code only when it's needed (e.g. after a successful login). Here you have webpack async loading. This resource will be protected by the hosting server (it will require an authorized user, just like REST API calls).
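The server-side check the answer describes, as an added example that is not part of the original answer: each code-split chunk is served only to a session whose role is allowed to have it. The chunk paths, the `sid` cookie, the session table and all function names are assumptions made for illustration.

```javascript
// Hypothetical chunk paths -> roles allowed to download them.
const BUNDLE_ROLES = {
  "/static/user.chunk.js": ["user", "staff", "admin"],
  "/static/staff.chunk.js": ["staff", "admin"],
  "/static/admin.chunk.js": ["admin"],
};

// Constructed session table (session id -> role). A real app would query the
// same session backend that protects its REST API.
const SESSIONS = new Map([
  ["sid-user", "user"], ["sid-staff", "staff"], ["sid-admin", "admin"],
]);

function roleFromCookie(cookieHeader) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader || "");
  return m ? SESSIONS.get(m[1]) || null : null;
}

// 401: no valid session. 404: unknown chunk OR chunk not permitted for this
// role, so a regular user cannot confirm that an admin chunk exists.
function authorizeBundle(path, cookieHeader) {
  const role = roleFromCookie(cookieHeader);
  if (!role) return 401;
  const known = Object.prototype.hasOwnProperty.call(BUNDLE_ROLES, path);
  return known && BUNDLE_ROLES[path].includes(role) ? 200 : 404;
}

// Node-style handler; attach with http.createServer((req, res) =>
//   handleBundleRequest(req, res, readBundle)). readBundle(path) returns the
// chunk body and is only ever called with a path from BUNDLE_ROLES.
function handleBundleRequest(req, res, readBundle) {
  const path = new URL(req.url, "http://localhost").pathname;
  const status = authorizeBundle(path, req.headers.cookie);
  if (status !== 200) {
    res.writeHead(status, { "Cache-Control": "no-store" });
    res.end();
    return;
  }
  res.writeHead(200, {
    "Content-Type": "application/javascript",
    // Keep role-specific code out of shared caches and CDNs.
    "Cache-Control": "private, no-store",
    "Vary": "Cookie",
  });
  res.end(readBundle(path));
}
```

On the client, the bundler's dynamic `import()` requests the staff or admin chunk after login, and the request carries the session cookie that this handler checks.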