Prevent all frontend access to explicit properties

[titonova]

First of all, I love your work, it's been a lifesaver.

However, I have a little issue. Currently, setting a component with WithExplicitAccess prevents public methods from being called and public properties from being modified in the frontend.

However, what if you want to prevent the public properties from being accessed by the frontend whatsoever. That is Livewire.first().myProperty should not return the value of myProperty whatsoever, but you still want Blade to be able to securely access the property?

[stancl]

However, what if you want to prevent the public properties from being accessed by the frontend whatsoever

Then they wouldn't be part of the component state.

You can use protected properties for this.

[titonova]

I understand what you mean. But here's an example.

<livewire:api-delete-button api-name="CommercialAPI' api-key="134235476576876"/>

Here, I want the value of the api-key to be able to passed to the livewire tag as a property, but at the same time, I DON'T want it to be accessible in the front-end whatsoever. I could easily just set $apiKey as protected , however, doing so would prevent api-key from being able to be set in the livewire tag

[stancl]

I think it will get passed down if the property exists/is accepted in mount() of that component. It just won't be part of the shared data, so it will only be present there on the first render. Components become self-managed after that, so you'd need to find a way to fetch the API key inside the child component.

[titonova]

I think it will get passed down if the property exists/is accepted in mount() of that component

Yeah, didn't work for me at all.Immediately I changed the property from public to protected, it threw an error That's why Im having this issue. Maybe, I'm doing something wrong. If you could share a minimal example of it working, that'll be great

[stancl]

Passing the value is irrelevant anyway, because of this:

Components become self-managed after that, so you'd need to find a way to fetch the API key inside the child component.

You need to find a way to fetch the value inside the child component and set it as a protected property on mount/hydrate. It can't be public because then it becomes part of the component state shared with the frontend.

[titonova]

I'm sorry, what do you mean child component, in this case

[stancl]

<livewire:api-delete-button api-name="CommercialAPI' api-key="134235476576876"/>