cra-runtime-environment-variables

Potential security issue with using variables on the window object

Open: georgiosApo opened this issue 3 years ago • 1 comment

There might be issues with specifying variables on the window object.

A hypothetical scenario:

Auth should be required/not required in specific environments.

Consider an env-variable requiresAuth: boolean.

If specified at runtime on the window object, a user could easily manipulate this one from the client.

Or am I missing something?

Cheers!

georgiosApo, Apr 25 '22 15:04

I think the way to do this is to expose an endpoint in nginx the client can call.

tej-rana, Mar 05 '23 22:03
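The scenario raised in this thread, as an added example that is not part of the issue or of the project's code: a `requiresAuth` value on a window-like object can only ever steer the UI, so the server has to make the access decision from its own configuration and the presented credential. All names here (`__ENV__`, `serverConfig`, `handleRequest`, `getPublicConfig`, the token) are hypothetical, and the browser and server are simulated in one Node script.

```javascript
// Server side: the authoritative setting lives here, never in the browser.
const serverConfig = { requiresAuth: true };             // constructed value
const validTokens = new Set(['constructed-token-123']);  // constructed sample session

// Hypothetical API handler: decides access from server state and the
// presented credential only. Nothing the client claims about config is read.
function handleRequest(req) {
  if (serverConfig.requiresAuth && !validTokens.has(req.token)) {
    return { status: 401, body: 'authentication required' };
  }
  return { status: 200, body: 'protected data' };
}

// Hypothetical config endpoint the client can call: it returns a copy of
// non-secret values, which the client may use as hints for rendering.
function getPublicConfig() {
  return { requiresAuth: serverConfig.requiresAuth };
}

// Client side: runtime config placed on a window-like object.
function makeClient(windowLike) {
  return {
    // UI decision only: whether to render the login screen.
    shouldShowLogin: () => windowLike.__ENV__.requiresAuth === true,
    fetchData: (token) => handleRequest({ token }),
  };
}

function demo() {
  const fakeWindow = { __ENV__: getPublicConfig() };
  const client = makeClient(fakeWindow);
  const before = client.shouldShowLogin();
  // The user edits the value in their own browser, as the issue describes.
  fakeWindow.__ENV__.requiresAuth = false;
  const after = client.shouldShowLogin();    // the client-side gate is gone
  const anon = client.fetchData(undefined);  // the server still refuses
  const authed = client.fetchData('constructed-token-123');
  return { before, after, anon: anon.status, authed: authed.status };
}

console.log(demo());
```

The flipped flag changes what the client renders and nothing else; the request without a valid token is still rejected because the check runs where the user cannot edit it.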