Streaming live at 10am (PST)

Hosting External JS Files Privately

Hello! I’m trying to host an external JS file through dropbox/github/google drive which I’ve done successfully, the issue is that this link is public (unlike when hosting a full website where the JS files are in the folder and not accessible). Is there a way to host these files online but keep them private so that they’re in accessible if someone opens the link? I know I am able to add custom code, it’s that I want to keep this private.

Thank you

Are you trying to host code that needs to get run on your website? If so then it can’t be private as the client browser needs to download it and execute it. The best you can do would be to obfuscate your code which would make it harder to reverse engineer. In any case, as a general rule you wouldn’t put any sensitive information or keys in client side code.

1 Like

Thanks for your help @jasondark! Yes exactly, it’s a script that needs to run, it’s just a lazyloading script so nothing sensitive. But that’s my question, if I did want to have sensitive information or anything I wouldn’t be able to do it through webflow right? because it. would need to be server-side?

Correct. Add any custom code to your site, publish it, then go into your broswer’s dev tools and you will see your code right there. As a general rule anything with secure keys will need to go server side.

It’s worth noting the difference between secure keys / credentials (basically a password that lives server side and is never shared with anyone) and some API keys which are designed to live client side. Google Maps API keys are an example of this, but they do have some security in that you can restrict the domains from which requests bearing this key are accepted. So someone could steal your key but it wouldn’t be useful to them.

Okay great, thank you for your help appreciate it! I’m familiar with API keys etc, however just wasn’t sure if it’s possible at all to perhaps link a JS file to another JS file that’s hidden or something.