This is probably a really ignorant question, but I have to ask it. I was looking at pointing my repository to a subdomain on my hosting server. From what I see you have to make it public. If that is true then isn’t your code exposed to anyone? If there is a flaw in your code it seems anyone could exploit it easily.
Are you pointing a subdomain you own to a GitHub Pages site hosted from a private repository? If so, then yes, this is expected. Any files you have in publishing source of your site—either the
master branch, the
gh-pages branch, or the
docs directory, depending on how your site is set up—will be publicly available on the internet. In order for your site to load a browser would need to be able to access and download the code for your site before rendering it on whatever device you were viewing the webpage from.
If you don’t want certain code exposed on the internet then you’ll need to move it out of the publishing source of your site—out of the
gh-pages branches, depending on your chosen publishing source—or delete it entirely from your repository.
Thanks for helping me to understand this.