Potential vulnerability: exposure of sensitive secret in SolidStart frontend bundle

Open Mehrad25Software opened this issue 1 month ago • 0 comments

Description

While reviewing the SST, Cloudflare and SolidStart setup, I noticed that several sensitive secrets are linked directly to the SolidStart “Console” app. Depending on how SST injects linked resources and how SolidStart/Vite handles env exposure, there may be a risk of unintentionally exposing server-only secrets to the frontend bundle.

This may already be handled safely by SST, but the current configuration makes it non-obvious and could be a footgun for future contributors.

OpenCode version

No response

Steps to reproduce

No response

Screenshot and/or share link

No response

Operating System

No response

Terminal

No response

Mehrad25Software, Dec 26 '25 18:12
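
One way to check the concern raised in this issue, as an added example that is not part of the original issue or the project's code: scan the built client assets for the values of server-only secrets, including base64 and URL-encoded forms. The function names, secret names, values and file paths are constructed placeholders.

```javascript
// Added example: every name, value and path below is a constructed placeholder.
const MIN_LEN = 8; // shorter values match too much unrelated bundle text

// Constructed sample: one client chunk with an inlined secret, one clean chunk.
const SAMPLE_SECRETS = { EXAMPLE_API_KEY: "constructed-secret-value-0001", SHORT: "abc" };
const SAMPLE_FILES = {
  "assets/index.js": 'const k="constructed-secret-value-0001";fetch("/api")',
  "assets/vendor.js": "export const version='1.0.0'",
};

// Forms a secret may take once a bundler has inlined it into client code.
function variants(value) {
  const b64 = Buffer.from(value, "utf8").toString("base64");
  return { raw: value, base64: b64, urlencoded: encodeURIComponent(value) };
}

// files: { path: text }, secrets: { name: value }.
// Findings name the secret and the file but never repeat the secret value.
function findLeakedSecrets(files, secrets) {
  const findings = [];
  for (const [name, value] of Object.entries(secrets)) {
    if (typeof value !== "string" || value.length < MIN_LEN) continue;
    const seen = new Set();
    for (const [encoding, needle] of Object.entries(variants(value))) {
      if (seen.has(needle)) continue; // urlencoded often equals raw
      seen.add(needle);
      for (const [file, text] of Object.entries(files)) {
        if (text.includes(needle)) findings.push({ file, secret: name, encoding });
      }
    }
  }
  return findings;
}

// Reads every file under dir (the built client assets) and scans it.
async function scanClientBundle(dir, secrets) {
  const fs = await import("node:fs/promises");
  const path = await import("node:path");
  const files = {};
  const walk = async (d) => {
    for (const entry of await fs.readdir(d, { withFileTypes: true })) {
      const p = path.join(d, entry.name);
      if (entry.isDirectory()) await walk(p);
      else files[p] = await fs.readFile(p, "utf8");
    }
  };
  await walk(dir);
  return findLeakedSecrets(files, secrets);
}
```

In CI, call `scanClientBundle` with the directory that holds the built client assets and the secret values available to the build, and fail the job when it returns any finding.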