There should be a warning for people in docs about Public environment variables
Answered
American Fuzzy Lop posted this in #help-forum
American Fuzzy LopOP
NEXT_PUBLIC variables are rendered as "inline" values replacing the process.env.NEXT_PUBLIC_varname Doc's says it will be rendered but it should say don't use them for verifying passwords or that may compromise credentials.
One can easily find all the environment variables in the appropriate files from the sources tab in the browser.
I was helping my friend with his application and found him compromising security using NEXT_PUBLIC env variables, There should be a formal warning in docs, so people might avoid using such things on clients.
Answered by joulev
Please open a new issue on GitHub suggesting a documentation improvement, or even better, a PR updating the documentation. Here no one can help you with this.
1 Reply
Please open a new issue on GitHub suggesting a documentation improvement, or even better, a PR updating the documentation. Here no one can help you with this.
Answer