PlayFab/JavaScriptSDK

Security key exposed

Closed this issue · 1 comments

As the comment on this line says, it should not be exposed:
https://github.com/PlayFab/JavaScriptSDK/blob/master/PlayFabSdk/src/PlayFab/PlayFabClientApi.js#L8
But if I understand the use of this file correctly, it is used in the browser on the client side, so this setting will be exposed.
Why is this value used on the client side in this line?
https://github.com/PlayFab/JavaScriptSDK/blob/master/PlayFabSdk/src/PlayFab/PlayFabClientApi.js#L216

Hello.
There are multiple ways you could use the JS SDK.

Option 1: Make a browser game. In this situation, you would never put the devSecretKey into your game. Those comments are there to inform you of the risk, and ensure you maintain the safety of your title.
Option 2: Internal tools/dashboard for a title. In this situation, your website must be internally secured, such that only you can access it. But, if it's properly internally secured, you can generate and use a devSecretKey for that purpose, and create a web page that monitors and/or maintains some server-side aspect of your game, from a browser. In that case, the suggestion of the code-comment is heeded, and your devSecretKey is both assigned, but also not in customer hands.

For our part, the SDK code is the same for both situations. We both agree that it's important that you're using it correctly. Since you've read the comment and understand the potential problem, I must conclude the comment has worked as intended.

Thank you for your suggestion, and happy coding.
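Option 1 in the reply above (a browser game that never ships the devSecretKey) can be enforced with a pre-deploy check on the built bundle. The following is an added example, not part of the issue thread or the PlayFab SDK: it reports any non-empty string literal assigned to the key without echoing the value. The setting name `developerSecretKey`, the function names and both sample bundles are assumptions constructed for illustration.

```javascript
// Added example: fail a browser build if a secret key literal is embedded in it.
// Assumption: the setting is named developerSecretKey (the thread says devSecretKey).
const KEY_NAMES = ["developerSecretKey", "devSecretKey"];

// Matches  name: "v"   name = "v"   "name": 'v'   ["name"] = "v"
// but not comparisons (==, ===) and not non-string values such as null.
function buildPattern(names) {
  const alt = names.join("|");
  return new RegExp(
    "\\b(" + alt + ")\\b[\"']?\\s*\\]?\\s*[:=]\\s*([\"'`])((?:\\\\.|(?!\\2).)*)\\2",
    "g"
  );
}

// Returns [{ line, name, length }] for every non-empty key literal in the source text.
// Only the length is reported so the scan output never contains the key itself.
function findEmbeddedSecretKeys(source) {
  const findings = [];
  const pattern = buildPattern(KEY_NAMES);
  source.split(/\r?\n/).forEach((text, index) => {
    pattern.lastIndex = 0;
    let match;
    while ((match = pattern.exec(text)) !== null) {
      if (match[3].length === 0) continue; // empty string: nothing is exposed
      findings.push({ line: index + 1, name: match[1], length: match[3].length });
    }
  });
  return findings;
}

// Constructed sample: a client bundle that leaves the key unset.
const SAFE_BUNDLE = [
  "PlayFab.settings = {",
  "    developerSecretKey: null,",
  "};",
  'if (PlayFab.settings.developerSecretKey == "") { }',
].join("\n");

// Constructed sample: a client bundle with placeholder keys embedded in it.
const UNSAFE_BUNDLE = [
  "var PlayFab = { settings: {} };",
  'PlayFab.settings.developerSecretKey = "CONSTRUCTED-PLACEHOLDER-KEY";',
  "var cfg = { \"developerSecretKey\": 'ANOTHER-PLACEHOLDER' };",
  'PlayFab.settings["developerSecretKey"] = "";',
].join("\n");

console.log(findEmbeddedSecretKeys(SAFE_BUNDLE));   // no findings
console.log(findEmbeddedSecretKeys(UNSAFE_BUNDLE)); // findings on lines 2 and 3
```

A key that appears only inside a comment is still flagged, because comments ship to the client along with the rest of an unminified bundle.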