Secret env variables are exposed client-side #3

Open
notorigine opened this issue Jan 2, 2025 · 3 comments

@notorigine

Hi Dato and happy new year!

Just noticed that when using runtimeConfig.public, these env variables are exposed on the front-end; wouldn't it be better to only have them exposed server-side to avoid exposing these CDA tokens publicly?

Added screenshots for clarity:

Screenshot 2024-11-27 at 10 35 31 Screenshot 2024-11-27 at 10 35 23

Thank you!

@stefanoverna
Member

Happy new year too!

Hmm, I tried to make the token private: the server-side page generation is all OK, but the rehydration then fails because on the client side useQuery() cannot find the token. What is the best practice in these cases with Nuxt?

rehydration.mp4

@notorigine
Author

I'm not too sure to be honest - maybe the best practice would be to make useQuery() a server-side composable so that it has access to the relevant API token?

@stefanoverna
Member

Got it. Do you have any links discussing server-side composables by any chance?
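
The trade-off discussed in this thread, as an added example that is not code from this repository or from either participant: the token stays in the server-only part of the runtime config, and client-side queries go through a server route that attaches it. The config key `datocmsToken`, the `/api/dato` route, the operation names, the endpoint URL and the `Bearer` header scheme are assumptions made for illustration.

```javascript
// Added example; names are hypothetical and not taken from the repository.
const UPSTREAM = 'https://graphql.datocms.com/'; // assumed CDA endpoint

// Server-side allow-list: the browser sends an operation id, never raw GraphQL,
// so the route cannot be used to run arbitrary queries with the token.
const OPERATIONS = {
  homepage: 'query Home { homepage { title } }',
  postBySlug: 'query Post($slug: String) { post(filter: {slug: {eq: $slug}}) { title } }',
};

// Models what reaches the browser: only the `public` branch is serialized.
function clientVisibleConfig(runtimeConfig) {
  return JSON.parse(JSON.stringify({ public: runtimeConfig.public || {} }));
}

// Builds the upstream request on the server from the private token.
// Returns null for anything that is not an allow-listed operation.
function buildUpstreamRequest(body, runtimeConfig) {
  const op = body && body.operation;
  if (typeof op !== 'string' || !Object.prototype.hasOwnProperty.call(OPERATIONS, op)) {
    return null;
  }
  return {
    url: UPSTREAM,
    init: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        Authorization: `Bearer ${runtimeConfig.datocmsToken}`, // assumed header scheme
      },
      body: JSON.stringify({ query: OPERATIONS[op], variables: body.variables || {} }),
    },
  };
}

// Body of a hypothetical /api/dato route; fetchImpl is injectable for tests.
async function handleQuery(body, runtimeConfig, fetchImpl = globalThis.fetch) {
  const req = buildUpstreamRequest(body, runtimeConfig);
  if (!req) return { status: 400, json: { error: 'unknown operation' } };
  const res = await fetchImpl(req.url, req.init);
  return { status: res.status, json: await res.json() };
}
```

With this shape the browser posts `{ operation, variables }` to the route both during hydration and afterwards, and the token never appears in the page payload.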
