Disable access to mix-manifest.json for Laravel Mix

Published 01 March 2021 14:39 (1-minute read)

Some developers include internal scripts in their build process. These scripts can't do any harm (because of authentication/authorization checks), but the developers still want to make the solution more difficult to reverse engineer. When you use Laravel Mix with versioning, however, it exposes the secret script in mix-manifest.json. Would you rather this file not be public?

Here is an NGINX configuration that blocks access to mix-manifest.json.

location = /mix-manifest.json {
    # "return" runs before access rules are evaluated, so it alone decides the response.
    deny all;
    return 403;
}

Requests for the file now get a 403 "Forbidden" error. This may let users know you use Laravel Mix.

If you return a 404 error instead, it looks as if the file does not exist, which suggests you are not using Laravel Mix (but you are):

location = /mix-manifest.json {
    # Answer as if the file did not exist.
    deny all;
    return 404;
}
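To confirm which of the two configurations above is actually in effect, compare the response for the manifest with the response for a path that cannot exist. The following is an added example, not code from the original article; `http_fetch`, `check_manifest_block`, `simulated_site` and the `example.test` URL are hypothetical names, and the simulated site is constructed so the check runs offline.

```python
import http.client
import uuid
from urllib.parse import urlsplit

MANIFEST = "/mix-manifest.json"

def http_fetch(base_url):
    """Build fetch(path) -> (status, body) for a site you operate."""
    parts = urlsplit(base_url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection

    def fetch(path):
        conn = conn_cls(parts.netloc, timeout=5)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            return resp.status, resp.read()
        finally:
            conn.close()
    return fetch

def check_manifest_block(fetch):
    """Classify how the manifest URL answers compared with a missing file."""
    blocked = fetch(MANIFEST)
    # A random name stands in for "a file that certainly does not exist".
    missing = fetch("/" + uuid.uuid4().hex + ".json")
    if blocked[0] == 200:
        return "exposed"
    # Status and body must both match: a server-generated error page can
    # differ from the one the application renders for unknown paths.
    if blocked == missing:
        return "hidden"
    return "blocked-but-visible"

def simulated_site(manifest_status):
    """Constructed stand-in for the vhost: every other path is a plain 404."""
    def fetch(path):
        status = manifest_status if path == MANIFEST else 404
        body = b"manifest" if status == 200 else b"error %d" % status
        return status, body
    return fetch

def demo():
    # 200 = no rule, 403 = first config on this page, 404 = second config.
    return {s: check_manifest_block(simulated_site(s)) for s in (200, 403, 404)}

if __name__ == "__main__":
    print(demo())
    # Real use (hypothetical URL): check_manifest_block(http_fetch("https://example.test"))
```

A result of "blocked-but-visible" means the rule works but the response still differs from that of a genuinely missing file.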

Do you use a different way of blocking this file? Let me know, and I will add it to this article.

Robin Dirksen