Home/ Questions/Q 8330979
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T02:17:13+00:00

What is the procedure for securing static assets (javascript and css) behind the firewall?

  • 0

What is the procedure for securing static assets (javascript and css) behind the firewall?
I have an admin section which uses javascript heavily. I don’t really want to expose the code to the public.

I currently compile all my javascript using assetic to files in /web/admin/js/xyz.js

Is there a simple way to do this that I’m overlooking?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use a controller to serve the static file and secure that controller. Something like:

    /** 
 * Serves static javascript file. 
 * We have configured /secure to be secured by some firewall
 *
 * @Route("/secure/xyz.js", name="static_xyz")
 */
public function staticXyzAction()
{   

    $headers = array(
        'Content-Type' => 'text/javascript',
    );  

    return new Response(file_get_contents($this->get('kernel')
        ->getRootDir().'../web/admin/js/xyz.js'), 200, $headers);
}

    This is just an example with the data you provided. Obviously in your final code the file being served should be located in some directory which is not directly accesible by the web server.

    The obvious downside to this approach is performance. PHP is much slower for serving an static file than your web server but depending on your load this may not be an issue.

    • 0