I guess my first question is how people are going to know you have a JSON file (or other files) in that location?
Rather than worrying about trying to hide/block files, you store data in a database (for instance) and use APIs and functions to retrieve when required. Perhaps a service such as Sanity could work. Here is the Jamstack Explorers Mission using Sanity and Nuxt.
People with bad intentions / competitors can just go to the network tab and see the the requested files there.
On long term that is indeed what we plan to do, but it’s kind of low down our priority list because of various reasons but I assume there’s an easier solution such as just simply adding a blocking statement. Which is a better fit solution for our use case.
Not exactly what I’m looking for. I want the website itself to be able to access the files, but not allow clients to view the raw files, but maybe that’s not possible then? Regardless of the technology used? However, I’m fairly sure I’ve seen it on a website before.
Hi, @rubenszeker. If you are using server side processing then, yes, it is possible for site code to access files on the server which are not available via public URLs. However, Netlify is designed for Jamstack sites and there is no server side processing with Jamstack sites. (Note, there are limited exceptions to this with examples being Functions and Edge Handlers.) We have a support guide about this here.
@coelmay, the one issue I see with your solution is that it just changes the URL where the JSON data can be accessed but it doesn’t prevent it. It doesn’t make finding the JSON data any harder to do. It just changes the URL. The information can still be accessed with external HTTP requests. The new URL will be discoverable in the network tab of devtools in the exact same way that the original request for the JSON file was.
Now, it is possible to gate that behind authentication but that requires some sort of sign-up, login, and session tracking which is typically done with our service using JWTs as described above.
@rubenszeker, you might also consider creating APIs to send the only the data needed for an individual page.