javascriptsecurityapi-keydotenv
How to solve API key is visible on request URL problem?
I've hide my API key inside .env file in my React app. And I used it through process.env. But When I go to network tab in developers tool of google chrome and check requests there I can see my API key present in the request URL. Therefore my API key is not secured. Anyone will able to get my API key. How can I hide my API from that place as well?
Solution
There is no way to hide the key on the client-side.
My suggestions:
- Do this call from your back-end, and expose it to your front-end
- Add API HTTP referrer restrictions instead. Only requests from your domain make the call in (1)
- HTML text-overflow ellipsis detection
- How do I check if an array includes a value in JavaScript?
- make html text input field grow as I type?
- How do two (seemingly!) identical strings not equal each other?
- Writing npm modules in TypeScript
- Dynamic Flickr background image for CSS tag
- javascrip indexOf not working with underscore=
- Conditionally add object to an array while being declared
- What underlies the `var self = this` JavaScript idiom?
- Detect focus initiated by tab key?
- Tawk.to (free live chat script) produces 400 Bad Request Error
- JavaScript date objects UK dates
- How can I center the title in Appbar.Header in react-native-paper?
- Puppeteer log inside page.evaluate
- multer-gridfs error " TypeError: Cannot read properties of undefined (reading '_id') "
- Static async function in JavaScript class
- Make jest globally available in storybook
- What does "~" (tilde) mean in the import ... from "~/"
- camelCase to kebab-case
- Javascript carousel like-presentation gallery
- possible to shrink contents of iframe?
- Getting the textarea value of a ckeditor textarea with javascript
- react-router v6: Navigate to a URL with searchParams
- Verify if response is express or fastify
- Is it possible to use Firebase Realtime Database to implement a distributed mutex?
- Jest: how to mock console when it is used by a third-party-library?
- Make Bootstrap Popover Appear/Disappear on Hover instead of Click
- Guard flickers page then loads actual page
- How do I chop/slice/trim off last character in string using Javascript?
- crypto.randomUUID is not a function