Source Maps and Component Access Issue in Next.js (Datadog)
Unanswered
Transvaal lion posted this in #help-forum
Transvaal lionOP
Hey everyone 🙂
I'm generating source maps for Datadog using
Main Concerns:
Source maps are publicly accessible, revealing the app's structure.
Users can also access the /_N_E folder, which contains all the components.
2 Tried Solutions:
1. Headers: Added a Content-Security-Policy to block .map files:
No effect.
2. Rewrites: Redirected .map file requests to a 404 page:
Still accessible.
Looking for advice on properly securing the .map files while sending them to Datadog.
thanks!
I'm generating source maps for Datadog using
productionBrowserSourceMaps: true in next.config.js, but all users can still access them directly via the browser.Main Concerns:
Source maps are publicly accessible, revealing the app's structure.
Users can also access the /_N_E folder, which contains all the components.
2 Tried Solutions:
1. Headers: Added a Content-Security-Policy to block .map files:
headers: [
{
key: "Content-Security-Policy",
value: "default-src 'none';", // Block .map files
},
]No effect.
2. Rewrites: Redirected .map file requests to a 404 page:
async rewrites() {
return [{ source: "/_next/static/:path*.map", destination: "/404" }];
}Still accessible.
Looking for advice on properly securing the .map files while sending them to Datadog.
thanks!