Security Concerns with PHP SPA built with Wappler

The route URL looks like: domain.com/myRoute
if this page is opened directly without logging in, the Server Connect inside the page has been configured to redirect to login page on error event.

However, the underlying PHP page can still be opened up in browser: domain.com/my_route_page.php
all we can see on this page is just the variables, etc. no data is populated of course - but still this is deemed as a security risk - the page structure is exposed to users not logged in.

Is there a workaround to it so that the *.php route pages are not allowed to be opened directly and just throws a 404?

Please help.

Community Page
Last updated: