Prevent initialization injecting entire user object data?

I have been trying to look for performance improvements for our slow-loading app. The big bottlenecks appear to be a couple of giant JavaScript files that Bubble loads (both just under 2MB), and the speed it takes to get to the “first paint” of the app.

While looking at the “first paint” issue, I noticed that the HTML that is generated for the homepage is injecting the entire user object. Is there any way to limit this? What is it used for? We have a lot of data stored against the user. Some of it is confidential that we don’t want the user to see by doing view-source, and some are fields that are potentially huge (like user sessions… there could be (many) thousands of rows that needlessly are loaded from the database and injected into the page.

The injected code is below:

<script type="text/javascript">
    "<bubble id>",
      authentication: {
        email: { email: "<full user email>", temp_password: "false" }
      user_signed_up: true,
      firstname_text: "<first name>",
      lastname_text: "<last name>",
     userlocation_text: "<don't want the user think we're stalking them!>",
      sessions_list_custom_session: [
          <.... potentially MASSIVE list of linked ids. ...>
      ... lots more ...


Both of your issues can be largely solved by Privacy Rules.

Fields that are prohibited will not be downloaded to the browser. This’ll likely solve both of your problems at least in large part. Find that in the data tab for your app.

1 Like

That’s a big downside to a field containing “list of things”, IMO its really only practical for lists under 200 items.

Did you manage to solve this completely?
I had the same issue of exposing user data, and stopped almost all that through unticking every field on privacy.
But the email is still being exposed in the script being run.