The storyblokInit function should be running somewhere on the server so that the API token does not get exposed to the client.
Current Behavior
The storyblokInit function is placed in the _app file, which runs on the clientside. This means that even when using environment variables, it is possible to retrieve the access token from the client.
felipepastor
commented
1 year ago
Expected Behavior
The storyblokInit function should be running somewhere on the server so that the API token does not get exposed to the client.
Current Behavior
The storyblokInit function is placed in the _app file, which runs on the clientside. This means that even when using environment variables, it is possible to retrieve the access token from the client.