You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So Remix generates this big manifest.js file. This could be used by nosey users to find routes in your website that you wish they did not know about. Even though you might protect the contents of a route with some auth, even them knowing that a route exists might be unwanted.
Is there a method today to tackle this problem that I'm not aware of, or could this be a new feature?
A simplified example:
// generated-manifest.js
// ...
routes: {
root: {
path: "",
hasAction: false,
hasLoader: true,
},
"iphone14": {
// fine, publically accessible
},
"wip-iphone20-page": {
// users should not 'discover' this route
// meant only for users who 'know' the url
},
"admin/take-over-the-world": {
// has auth, but users should not 'discover' this route
},
"admin/tim-cook-fanpage": {
// has auth, but users should not 'discover' this route
},
"admin/ban-users": {
// has auth, but users should not 'discover' this route
},
"admin/our-amazing-profits": {
// has auth, but users should not 'discover' this route
},
};
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
So Remix generates this big
manifest.jsfile. This could be used by nosey users to find routes in your website that you wish they did not know about. Even though you might protect the contents of a route with some auth, even them knowing that a route exists might be unwanted.Is there a method today to tackle this problem that I'm not aware of, or could this be a new feature?
A simplified example:
Beta Was this translation helpful? Give feedback.
All reactions