That's why you use custom error handlers to display a nice friendly error to your visitors
I'm a firm believer that a visitor should never be shown a PHP or HTTP error message directly. The message should be logged and a nice friendly error page should be shown to the user.
That's impossible since the JS is loaded in the page. Best way is to obfuscate the code. For example this javascript file from Google Maps. It would take a very long time to figure it out that code.
Sending the people to a 403 page when accessing the javascript will break your page IIRC. The browser sends the request for the javascript page not the server so when someone tries to load the page the request for the javascript will return a 403.
As Javascript doesn't require any line termination character -- not even a semi-colon or a line break, making it utterly confusing is fairly straightforward. Simply place the entire Javascript code on 1 line.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
No, JS is client side so you would have to make them install something on their browser. Its as simple as this, if the client's browser can run it, the client can view the source.
Join the friendly bunch on IRC...
Hide files being accessed directly?
Linear Mode
