re: DIY HeadlessCMS + SSR with Vue & Netlify VIEW POST


Fun read. sorry I was unable to attend the meeting.

Just took a quick look and was wondering how secret does the GitLab api key need to be?

 If all is well we can update this function to save data to our repo. First 
 we need to pull in our private token and create a little string helper to 
 format the url the way GitLab's API expects.

 const path = 'src/db/'.replace(/\//g, '%2F')

 GL_PRIVATE_TOKEN is an environment variable that I added directly in the 
 settings for the site on netlify.com. Netlify dev actually pulls these in locally 
 and makes them available which is pretty cool.

Looks like the PRIVATE token is in clear text in the javascript. (as clear text as minified javasript can be).

I'm guessing the GITLAB token has some kind of referrer option so it can only accepts requests from specific referrrs? (your netlify site and localhost?)

I've used render.com in a similar way. It also deploys directly from [REDACTED].

Code of Conduct Report abuse