Skip to content

Critical Security Vulnerability - Hardcoded API URL and Missing Environment Configuration #51

New issue
New issue
Closed
Closed
Critical Security Vulnerability - Hardcoded API URL and Missing Environment Configuration#51
Assignees
Soumadip-Mishra
Labels
EasyfrontendAffects the frontend layergood first issueGood for newcomershacktoberfestsecurity
@Community-Programmer

Description

@Community-Programmer
Community-Programmer
opened on Oct 15, 2025

Description:
The authService.ts and other API-related files currently contain hardcoded localhost URLs. This causes deployment issues and poses a potential security risk.

Impact:

  • Security Risk: Exposes backend architecture details
  • Deployment Failure: Application won’t work in production or staging environments
  • Configuration Issue: No environment-based configuration support
  • CORS Problems: Hardcoded localhost breaks deployed apps

Fix Required:

  • Create proper environment variable configuration
  • Add .env file support with VITE_API_BASE_URL
  • Update all API service files to reference import.meta.env.VITE_API_BASE_URL instead of hardcoded URLs

Metadata

Metadata

Assignees

Labels

EasyfrontendAffects the frontend layergood first issueGood for newcomershacktoberfestsecurity

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions