Thanks for sharing. Have you thought of a way to motivate any security risk associated with having environment variables passed in via bootstrap events?
I don't think we've got a great solution, but all of the configuration we pass into the client app is publishable (eg, stripe publishable keys) or not secret (gateway service URLs for different environments).
Keys and other configuration that needs to be kept out of the browser have to be handled by the services instead
Great, yea I think that’s just one of the responsibilities of UI config variables— you gotta keep secrets out of them since they’re available in the source code.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks for sharing. Have you thought of a way to motivate any security risk associated with having environment variables passed in via bootstrap events?
I don't think we've got a great solution, but all of the configuration we pass into the client app is publishable (eg, stripe publishable keys) or not secret (gateway service URLs for different environments).
Keys and other configuration that needs to be kept out of the browser have to be handled by the services instead
Great, yea I think that’s just one of the responsibilities of UI config variables— you gotta keep secrets out of them since they’re available in the source code.