How to make a javascript script file private?

Question

I want to know how to make it so that users the visit my website can't see a javascript script file.

Let me elaborate:

Sometimes, in my Javascript, I have some config information for stuff like Firebase that I don't want others to see. If someone has that information, they could potentially take it and run it on their localhost and mess with my data. I need to have the private config information on my websites Javascript, or else the site won't work. But if others see that script, then they can copy it and use it on their site, which will mess up everything. I want to know how to make a private script.

If that's not possible, that's fine. I just want to know what I should do then.

Here are some things I have tried:

<!DOCTYPE html>
<html>

<head>
  <script>
    // config information
  </script>
</head>

<body></body>

</html>

But that doesn't work. With Inspect Element, a user can easily find it.

Another idea was this:

<script src="js/config.js"></script>

But that doesn't help either, user can just inspect element, then right click on the link and say "Reveal Script in Source Panel"

What should I do?

If it's not possible to make the script private, just tell me. I just want to know what I should do.

Answer 1

Hi looks like you need to call firebase api. But don't do this in javascript from client side you should never render sensitive info to client side. Do a call on server side on post back from client instead.

Answer 2

All client resources like HTML, CSS, JS, images and other files should be public. You can hide the file by adding an entry to .htaccess, for example:

RewriteEngine on
RewriteRule \config.js$ - [R=404]

but in my opinion it does not make sense, this file is probably needed to run your application. All files served to client applications are public. Don't keep sensitive data in JS files, you can keep sensitive informations in configuration files on the backend siede but you can't share them with the client side application.