langgenius / webapp-conversation

MIT License
444 stars, 832 forks

Security Issue: Internal API URL and Token exposed in client code. #79

Open racerxdl opened 4 months ago

racerxdl commented 4 months ago

Currently the env APP_URL is getting exposed directly on the client side because webpack adds it to the bundle. This is an issue because it exposes information about internal infrastructure and even the token for accessing the API directly.

racerxdl commented 4 months ago

PS: This can be solved by removing the _PUBLIC prefix on the env variables (since they only need to be on the backend side).