Depending on the exact level of stupidity clinging to the judge on that day, some jurisdictions might consider this “hacking.”
One case from the States that was luckily dismissed: https://uk.pcmag.com/security/136282/missouri-gov-goes-after-reporter-who-found-shockingly-bad-flaw-in-state-website https://www.vice.com/en/article/this-is-the-hacking-investigation-into-journalist-who-clicked-view-source-on-government-website/
Germany, for example. There was just the Modern Solutions case, and the ruling was that using a hex editor to get hardcoded MySQL passwords from a binary is considered hacking.
Security through obscurity is not security. I see no reason why source maps should be unavailable.
Because source maps show how shitty your organization’s code and overall engineering practices are.
Ding ding ding
Open source code is usually quite nice and well done because money pressure is way less of an issue and everyone knows people will be looking at your code
If you look at the casual code that I have shamelessly made public on my GitLab, that might change your mind on that.
depends.
if we’re talking about a personal website nobody will care. if you are a multibillion company and there’s the risk that literally anyone can create a 1:1 clone of your services… yeah that’s a bit of trouble
Omitting source maps doesn’t prevent that.
Payload size
It was mentioned before. A source map is a comment with a URL. It’s not pulled automatically unless the client has devtools and supports that. It doesn’t meaningfully increase the size of the site for normal users.
Eh, true. It does clean up the payload, but I agree it’s marginal.
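
The payload point above, as an added example that is not part of the thread: a Node.js check over your own build output that separates external `sourceMappingURL` comments (a URL only) from inline `data:` maps, which go beyond the comment's case because they are embedded in the bundle and every visitor downloads them. The names `describeRef`, `scanBundles` and `SAMPLE_BUNDLES` are hypothetical, and the bundle contents are constructed sample input.

```javascript
// Added example: classify sourceMappingURL comments in build output.
// Matches "//# sourceMappingURL=..." (JS), "/*# ... */" (CSS) and legacy "//@".
const SOURCE_MAP_RE =
  /(?:\/\/|\/\*)[#@][ \t]*sourceMappingURL=(\S+?)[ \t]*(?:\*\/)?[ \t]*$/gm;

function describeRef(file, comment, url) {
  if (!url.startsWith("data:")) {
    // External map: a URL only; fetched on demand by tools that support it.
    return { file, kind: "external", extraBytes: 0, target: url };
  }
  // Inline map: the whole map is embedded, so every visitor downloads it.
  const comma = url.indexOf(",");
  const payload = url.slice(comma + 1);
  const json = url.slice(0, comma).endsWith(";base64")
    ? Buffer.from(payload, "base64").toString("utf8")
    : decodeURIComponent(payload);
  const map = JSON.parse(json);
  return {
    file,
    kind: "inline",
    extraBytes: Buffer.byteLength(comment, "utf8"),
    sources: map.sources || [],
    hasSourcesContent: Array.isArray(map.sourcesContent),
  };
}

// bundles: { fileName: fileText }; returns one record per map reference.
function scanBundles(bundles) {
  const refs = [];
  for (const [file, text] of Object.entries(bundles)) {
    for (const m of text.matchAll(SOURCE_MAP_RE)) {
      refs.push(describeRef(file, m[0], m[1]));
    }
  }
  return refs;
}

// Constructed sample input (not real build output).
const sampleMap = JSON.stringify({
  version: 3, sources: ["src/app.ts"], sourcesContent: ["export const n = 1;"], mappings: "",
});
const SAMPLE_BUNDLES = {
  "app.js": "console.log(1);\n//# sourceMappingURL=app.js.map\n",
  "style.css": "body{margin:0}\n/*# sourceMappingURL=style.css.map */\n",
  "debug.js": "console.log(2);\n//# sourceMappingURL=data:application/json;base64," +
    Buffer.from(sampleMap).toString("base64"),
  "plain.js": "console.log(3);\n",
};
console.log(scanBundles(SAMPLE_BUNDLES));
```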




