langgenius / webapp-conversation

MIT License

Security Issue: Internal API URL and Token exposed in client code. #79

Open racerxdl opened 1 month ago

racerxdl commented 1 month ago

Currently the env APP_URL is getting exposed directly on the client side because webpack adds it to the bundle. This is an issue because it exposes information about internal infrastructure and even the token for accessing the API directly.

racerxdl commented 1 month ago

PS: This can be solved by removing the _PUBLIC prefix on the env variables (since they only need to be on the backend side).
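One way to act on the fix described above, as an added example that is not code from the webapp-conversation project or from the issue: keep the API base URL and token in server-only variables and reach them through a server-side proxy route, plus a start-up check that flags any secret-looking name under the `NEXT_PUBLIC_` prefix (the Next.js prefix that makes webpack inline a value into the client bundle). The variable names `APP_URL` / `APP_TOKEN`, the `/v1/...` path filter and the `proxyHandler` signature are assumptions for the example.

```javascript
// Added example, not the project's code. APP_URL / APP_TOKEN are assumed
// names; NEXT_PUBLIC_ is the Next.js prefix that inlines a value client-side.

const SECRET_LIKE = /(TOKEN|KEY|SECRET|PASSWORD|URL)$/i;

// Start-up / CI check: any NEXT_PUBLIC_ variable whose name looks like a
// credential or internal endpoint will be shipped to every browser.
// Returns the offending names (sorted) so the caller can fail fast.
function findExposedSecrets(env) {
  return Object.keys(env)
    .filter((name) => name.startsWith('NEXT_PUBLIC_') && SECRET_LIKE.test(name))
    .sort();
}

// Pure helper: turn a client-supplied path into the upstream request, adding
// the bearer token from server-only env. The browser never sends a token and
// never learns the upstream host.
function buildUpstreamRequest(env, path) {
  if (!env.APP_URL || !env.APP_TOKEN) {
    throw new Error('APP_URL and APP_TOKEN must be set on the server');
  }
  // Only the expected API subtree may be proxied, so this is not an open proxy.
  if (!/^\/v1\/[a-z-]+$/.test(path)) {
    throw new Error(`refusing to proxy path: ${path}`);
  }
  return {
    url: new URL(path, env.APP_URL).toString(),
    headers: {
      Authorization: `Bearer ${env.APP_TOKEN}`,
      'Content-Type': 'application/json',
    },
  };
}

// Route-handler shape (e.g. a Next.js API route). fetchImpl is injectable so
// the logic can be exercised offline with a constructed fake fetch.
async function proxyHandler(env, path, body, fetchImpl = fetch) {
  const { url, headers } = buildUpstreamRequest(env, path);
  const res = await fetchImpl(url, {
    method: 'POST',
    headers,
    body: JSON.stringify(body),
  });
  // Pass status and body through only; upstream response headers (which may
  // reveal internal infrastructure) are deliberately not forwarded.
  return { status: res.status, body: await res.text() };
}
```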