ajbrown
commented
8 years ago Hi @bjones6. That's certainly a risk you take by doing things on the client side. The other risk is that your logging endpoint is exposed as well, so it can even be done offline.
I'm not really sure of a good way around this. Maybe someone else might chime in.
I'd suggest you make sure you're using a separate log stream for client side logging, and consider the logs through that stream as disposable.
First off I apologize if this is a naive question but, if this is entirely client-sided, couldn't a malicious user send fake logs or an absurd number of logs trivially via just using the chrome console? I'd love, love, love, to include client side logs to my log aggregation, but it seems like a huge risk to me.