Vercel now gates production source maps behind Vercel Authentication. Browser .map files return a 404 to anyone outside your team, while authenticated members get full access for debugging minified code with real filenames and line numbers.

This matters because source maps expose your original source code to anyone who knows where to look. Shipping them unprotected has always been a tradeoff between debuggability and security. This feature removes that tradeoff.

New projects get this enabled by default. Existing projects can opt in from Settings, then Deployment Protection, with no redeploy required. The implementation details and edge cases are in the Vercel documentation and worth reading if you manage production deployments.
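
To confirm the gate from outside the team, request each bundle's source map without credentials and expect the 404 described above. The following is an added example, not Vercel's code: the function names are hypothetical, and it assumes a runtime with global `fetch` and `URL` (a browser or Node 18+).

```javascript
// Added example: helper names are hypothetical, not from Vercel.
// Extract the last sourceMappingURL reference from a JS bundle, or null.
function findSourceMapRef(jsText) {
  const re = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/gm;
  let m, last = null;
  while ((m = re.exec(jsText)) !== null) last = m[1];
  return last;
}

// Classify the reference: none, inline (data: URI) or external (.map URL).
function classifyBundle(bundleUrl, jsText) {
  const ref = findSourceMapRef(jsText);
  if (ref === null) return { kind: "none", mapUrl: null };
  // An inline map ships inside the bundle; gating .map requests cannot hide it.
  if (ref.startsWith("data:")) return { kind: "inline", mapUrl: null };
  return { kind: "external", mapUrl: new URL(ref, bundleUrl).href };
}

// True only if the body parses as a source map (v3 map or index map).
function looksLikeSourceMap(body) {
  try {
    const j = JSON.parse(body.replace(/^\)\]\}'[^\n]*\n/, ""));
    return j !== null && typeof j === "object" && ("mappings" in j || "sections" in j);
  } catch {
    return false;
  }
}

// Verdict for an unauthenticated request to the map URL.
function verdict(kind, status, body) {
  if (kind === "none") return "no-map-referenced";
  if (kind === "inline") return "exposed-inline";
  if (status === 404) return "gated"; // the response the page describes
  if (status >= 200 && status < 300 && looksLikeSourceMap(body)) return "exposed";
  return "inconclusive"; // e.g. login page, redirect target, error
}

// Fetch a bundle and its map with no credentials and report the verdict.
async function auditBundle(bundleUrl, fetchImpl = fetch) {
  const js = await (await fetchImpl(bundleUrl, { credentials: "omit" })).text();
  const info = classifyBundle(bundleUrl, js);
  if (info.kind !== "external") return { ...info, verdict: verdict(info.kind) };
  const res = await fetchImpl(info.mapUrl, { credentials: "omit" });
  return { ...info, status: res.status, verdict: verdict(info.kind, res.status, await res.text()) };
}
```

Run `auditBundle` against your own deployment's bundle URLs from a client that holds no Vercel session; an `exposed` or `exposed-inline` verdict means the original source is still readable by outsiders.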
