There might be a misconfiguration in the nextjs.config.js file: In its current state, it seems that all env variables are exposed to the JavaScript bundle (and consequently the client). If correct, the following environment variables could be at risk of getting leaked: DB_USER, DB_PASSWORD, SECRET, and PASSWORD.
Hi @jimmybisenius,
There might be a misconfiguration in the
nextjs.config.js
file: In its current state, it seems that allenv
variables are exposed to the JavaScript bundle (and consequently the client). If correct, the following environment variables could be at risk of getting leaked:DB_USER
,DB_PASSWORD
,SECRET
, andPASSWORD
.Source: https://nextjs.org/docs/api-reference/next.config.js/environment-variables