Is it insecure to include my login page in nuxt application? #9052
Answered
by
danielroe
arai03
asked this question in
Questions (Nuxt 2)
-
if you include your login page in nuxt project, then the user is receiving all of your code before they're even authenticated. |
Beta Was this translation helpful? Give feedback.
Answered by
danielroe
Mar 25, 2021
Replies: 1 comment
-
@arai03 As a matter of best practice, you should assume that everything in your webpack bundle is public. Secrets or sensitive URLs should not be embedded in your webpack code. The right approach, however, depends a lot on your threat model and use cases. An option to consider is using a serverless API (or server endpoint) to guard access to your secrets (for example, to proxy access to a payment provider or an email service). |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
Atinux
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@arai03 As a matter of best practice, you should assume that everything in your webpack bundle is public. Secrets or sensitive URLs should not be embedded in your webpack code. The right approach, however, depends a lot on your threat model and use cases. An option to consider is using a serverless API (or server endpoint) to guard access to your secrets (for example, to proxy access to a payment provider or an email service).