You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks,I think this is a client side API token.The best way is using a environment variable and inject at bundle process. But even if using a environment variable, people can still see it at web request or javascript bundle result.
If this is a security related token or development used token, it is important to hide at souce code and using a server to proxy. Currently both OPENSEA API token or SENTRY_DSN and INFRUA API token are not secuity token.
But we will eventually put it in the environment variable at last, and it is currently the test version of the application for better local use.
Thanks! We have revoke all OPENSEA API KEY and COVALANT_API_KEY in our code. Currently we are using environment variable to inject., Instead of hardcode into source code.We didn't clear the git history because the token was useless.
Otherwise, the reason we didn't use a server proxy was that we wanted to keep the third-party services we used more transparent. And, although we inject through environment variables, these client tokens can still be seen in the final packaging result and runtime.
No description provided.
The text was updated successfully, but these errors were encountered: