
React NPM Build and Environment Variables

When deploying a ReactJS + NodeJS application, what do you do about environment variables used on the React-side? Running NPM BUILD folds any secret API keys into the final code, making it visible to anyone who inspects the source code. Moving the .env information to a .env file located server-side before using the npm build command doesn't solve the issue. I've tried to search around but I can't find any actual solutions.

Thanks

Thanks folks, all extremely helpful. I'll be moving the secret keys to the server side and changing the way my code works to compensate for the adjustment. The other issue was the Google Maps API, which can't be moved in the code but can be restricted to specific IP or URL use in the Google Cloud Platform:

https://cloud.google.com/blog/products/maps-platform/google-maps-platform-best-practices-restricting-api-keys

You cannot make secret keys invisible on the client side. Even receiving it as an environment variable from the server, the keys will be incorporated into the build and will be publicly accessible.

So that your React app is not vulnerable, the only way is to save keys and secrets in the backend. That is, the backend is the only one with access to keys and secrets. The client only makes requests, without storing sensitive data.
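The backend-only pattern described in this answer, as an added example that is not part of the original post: a framework-agnostic Node handler that attaches the key server-side and returns only the data the React UI needs. The env var name `THIRD_PARTY_API_KEY`, the upstream URL and the field names are hypothetical.

```javascript
// Added example. Assumptions (not from the original post): THIRD_PARTY_API_KEY,
// the upstream URL and the response field names are hypothetical.
const UPSTREAM = 'https://api.example.com/v1/weather'; // hypothetical third-party API

// Allow-list of query parameters the browser may set. Anything else is dropped,
// so the client cannot pass its own key or extra options to the upstream API.
const ALLOWED_PARAMS = ['city', 'units'];

function buildUpstreamRequest(clientQuery, env) {
  const key = env.THIRD_PARTY_API_KEY;
  if (!key) throw new Error('THIRD_PARTY_API_KEY is not set on the server');
  const url = new URL(UPSTREAM);
  for (const name of ALLOWED_PARAMS) {
    if (typeof clientQuery[name] === 'string') {
      url.searchParams.set(name, clientQuery[name]);
    }
  }
  // The secret travels only from the server to the upstream API, in a header.
  return { url: url.toString(), headers: { Authorization: `Bearer ${key}` } };
}

// Call this from the route the React app requests (for example GET /api/weather).
// fetchImpl is injectable so the handler can be exercised offline.
async function handleWeather(clientQuery, env = process.env, fetchImpl = fetch) {
  let upstreamReq;
  try {
    upstreamReq = buildUpstreamRequest(clientQuery, env);
  } catch {
    // Do not leak configuration details to the browser.
    return { status: 500, body: { error: 'server misconfigured' } };
  }
  const res = await fetchImpl(upstreamReq.url, { headers: upstreamReq.headers });
  if (!res.ok) return { status: 502, body: { error: 'upstream error' } };
  const data = await res.json();
  // Return only the fields the UI needs; never echo the upstream URL or headers.
  return { status: 200, body: { city: data.city, tempC: data.tempC } };
}
```

The React side then calls its own backend route with no key at all, so nothing secret is present in the output of `npm run build`.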
