So I was checking the source code (in the browser) of some of my projects, and I discovered that even though I used environment variables to store sensitive information, I could still see the values when rendered in the browser, meaning that my values are injected during runtime, which still makes my projects vulnerable. How do I deal with env variables in production so that no one will see the values when the page source is viewed?
Top comments (2)
In my experience, I use Netlify, and there is usually an option to add environment variables via some sort of command after deployment. Same with Heroku, and I suppose the same should be true for other services as well.
There are some posts here as well on this topic:
dev.to/fabiorosado/hide-your-api-k...
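
A build-output check for the situation the question describes, as an added example that is not part of the original thread: it searches a client bundle for the values of variables you consider sensitive, so a leak is caught before deployment. The variable names, values and bundle text are constructed, and `findLeakedEnv` is a hypothetical helper.

```javascript
// Added example: detect environment-variable values that a build step
// inlined into a client-side bundle. All names and values are constructed.

const MIN_LENGTH = 8; // ignore short values ("true", "3000") that match by chance

// Forms in which a bundler or template may have written the value.
function encodings(value) {
  return new Set([
    value,                                          // verbatim
    JSON.stringify(value).slice(1, -1),             // escaped inside a JS string literal
    encodeURIComponent(value),                      // embedded in a URL
    Buffer.from(value, 'utf8').toString('base64'),  // base64 of the whole value
  ]);
}

// Returns [{ name, offset }] for every listed variable whose value occurs in
// the bundle text. The value itself is never returned, so the result can be logged.
function findLeakedEnv(bundleText, env, sensitiveNames) {
  const findings = [];
  for (const name of sensitiveNames) {
    const value = env[name];
    if (typeof value !== 'string' || value.length < MIN_LENGTH) continue;
    for (const form of encodings(value)) {
      const offset = bundleText.indexOf(form);
      if (offset !== -1) {
        findings.push({ name, offset });
        break; // one finding per variable is enough
      }
    }
  }
  return findings;
}

// Constructed sample: a build environment and the minified output it produced.
const sampleEnv = {
  PUBLIC_SITE_NAME: 'example-site',
  WEATHER_API_KEY: 'constructed-key-0123456789',
  DB_PASSWORD: 'constructed/pass word+1',
};
const sampleBundle =
  'const n="example-site";fetch("https://api.example.test/v1?key=constructed-key-0123456789");';

const leaked = findLeakedEnv(sampleBundle, sampleEnv, ['WEATHER_API_KEY', 'DB_PASSWORD']);
console.log(leaked.length ? leaked : 'no sensitive values found in bundle');
```

In a real project the bundle text would come from the files in the build output directory, and a non-empty result would fail the build.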