search

aws / aws-sdk-js

AWS SDK for JavaScript in the browser and Node.js
https://aws.amazon.com/developer/language/javascript/
Apache License 2.0
7.6k stars 1.55k forks source link

Getting Project Config from Console Injection #4567

Closed rajeshigo closed 9 months ago

rajeshigo commented 10 months ago

Describe the bug

we using S3 file storage (aws-sdk) for react project. we storing aws properties in .env , when inspecting and typing in console as AWS.config.credential it gives all the project keys with accessKeyId ,secretAccessKey

Expected Behavior

we need to restrict the project level details from console

Current Behavior

Capture image

Reproduction Steps

  1. run your react application
  2. inspect your browser dev tool
  3. go to console and type like AWS.config
  4. there you will get your project level details easily

Possible Solution

No response

Additional Information/Context

No response

SDK version used

2.1455.0

Environment details (OS name and version, etc.)

window 10

aBurmeseDev commented 9 months ago

Hi @rajeshigo - thanks for reaching out. Can you provide a reproducible code for us to investigate further? Also which version of Node are you using?

github-actions[bot] commented 9 months ago

This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing.