lexcraw4d / BonVoyage22

MIT License

Set JS scripts to "strict mode" #11

Open s-leroux opened 2 years ago

s-leroux commented 2 years ago

Set the JS files to "strict mode":

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Strict_mode#strict_mode_for_scripts

From the link above:

Browsers not supporting strict mode will run strict mode code with different behavior from browsers that do, so don't rely on strict mode without feature-testing for support for the relevant aspects of strict mode.

lexcraw4d commented 2 years ago

Still interested in seeing if there is a way to get around this... seems like there would be a way to hide a key via frontend... any suggestions?

s-leroux commented 2 years ago

Hi Lexie,

I did some research since the other day. It appears pretty clear you can't reliably protect an API key used from the front-end. There are obfuscation techniques that may prevent the key from obviously appearing in the code. But someone who has decided to steal your credentials can always capture them at run-time when the application issues its requests.

I started writing a blog article on the subject: https://github.com/YesIKnowIT/Blog/blob/2022/keep-you-secret-secret/2022/keep-you-secret-secret/article.adoc (early draft)

On 15/07/2022 00:55, Lexie Crawford wrote:

Still interested in seeing if there is a way to get around this... seems like there would be a way to hide a key via frontend... any suggestions?

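An added example, not part of the thread and not code from this repository, illustrating the point in the comment above: an obfuscated key is absent from the shipped source yet present in the request the page sends. The key, the endpoint, the XOR scheme and all function names are constructed for the illustration.

```javascript
// Added illustration; key, endpoint and obfuscation scheme are constructed.
const XOR_BYTE = 0x5a;

// "Build step": hex-encode the XORed key so it does not appear literally in the bundle.
function obfuscate(plain) {
  return Array.from(plain, (ch) =>
    (ch.charCodeAt(0) ^ XOR_BYTE).toString(16).padStart(2, "0")).join("");
}

// Runtime: the page has to undo the obfuscation before it can call the API.
function deobfuscate(hex) {
  return hex.match(/../g)
    .map((h) => String.fromCharCode(parseInt(h, 16) ^ XOR_BYTE)).join("");
}

const PLACEHOLDER_KEY = "EXAMPLE-KEY-1234";      // constructed, not a real credential
const SHIPPED_BLOB = obfuscate(PLACEHOLDER_KEY); // what the front-end bundle would contain

// Hypothetical application code: builds the request the browser would send.
function requestPlaces(send) {
  const key = deobfuscate(SHIPPED_BLOB);
  return send("https://api.example.invalid/places?key=" + encodeURIComponent(key));
}

// Stand-in for anything that sees outgoing requests (network panel, proxy).
function recordingTransport(log) {
  return (url) => { log.push(url); return { status: 200 }; };
}

// Compare what a source review sees with what the network sees.
function auditKeyExposure() {
  const log = [];
  requestPlaces(recordingTransport(log));
  return {
    keyInShippedSource: SHIPPED_BLOB.includes(PLACEHOLDER_KEY),
    keyInOutgoingRequest: log.some((url) => url.includes(PLACEHOLDER_KEY)),
  };
}

console.log(auditKeyExposure());
```
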

lexcraw4d commented 2 years ago

Awesome. I tried accessing the doc but it doesn't open. That's a bummer. I wonder why Google created it with front-end snippets like that. Retag your doc here if you can!