I’ve been diving into Livewire the past couple of weeks and having a blast with it, however I noticed today that a lot of info I typically obfuscate is showing up in the responses when viewing the Network tab in Chrome.
One very basic example:
“models”:{“user”:{“class”:“App\Models\User”,“id”:1,“relations”:[],“connection”:“mysql”}}},
Full classname, user ID (we obfuscate all ID’s publicly), database connection type (??) and on other areas (dataMeta) it’s showing relations to other models, etc. For example, I made a “like” button and it’s returning lots of extra model data (Primary ID of the liked model, again which we obfuscate, the model’s relation names that are internal resource names) just so I can update the like count on the page.
Using fileuploading, it shows the path and name of the temporary file on S3 (bucketname/livewire-tmp), to which I normally upload to a temporary location before manipulating images and don’t want that location exposed. Scare case: User uploads temp file, validation rejects, file is still on server until cleanup runs
I still consider myself a bit of a newb with Livewire but is this the expected behavior behind the scenes, or am I missing something completely in how I’m utilizing it?
I’m not concerned about authorization being an issue, I eat sleep and breathe data validation - but that practice leaves me more concerned about the browser showing all of this data. So I want to make sure it’s not something I’m fundamentally doing wrong before moving on from it. Thanks for any info!