I have a PWA hosted on GitHub so IPhone users can use Safari to download the app. I noticed that I can edit the .js file on github which exposes sensitive data stored as constants. For example, tokens. Is there a way to secure the .js?
thank you
The rule is, there should be no sensitive data in JS file. All sensitive data should be in the back-end.
What Bruno said is correct. However, if you do not have a back end, I suggest you use https://www.javascriptobfuscator.com. It has a mode to encrypt the strings and is reasonably priced.