I have a react project I am trying to deploy to heroku. I did so by installing the react buildpack however when I go to the website, open inspect element, all my client side source code is simply exposed to all public view. What am I doing wrong, I cannot find any help which addresses this issue but it is quite the security flaw. Help me understand, because I know I did something wrong and it should not be this way. Thanks!
Change the build script to include GENERATE_SOURCEMAP=false
so that the build commands follow it. This is an intended effect according to this
This is expected. You can delete
.map
files from the build output if you want to disable it, although you'll get console warnings about them missing.There is no harm in leaving them in though in my opinion. Client code is already available to the user’s machine so there’s no secrets in it.
scripts: {
"build": "GENERATE_SOURCEMAP=false react-scripts build"
}