Replies: 1 comment
-
No, this is not good. The secret will be transparently visible to the browser. Formally speaking, in the snippet below, because Contact is a client component, the boundary is crossed, and the secret is leaked.

```jsx
<Contact
  mySecretKey={process.env.SECRET_KEY}
/>
```

You can create a server function with 'use server'

```js
"use server"; // every export of this file becomes a server function

import { sendMail } from "@/lib/3rdPartyApi";

// The body runs only on the server, so process.env.FOO_BAR stays there.
export async function doSendMail() {
  await sendMail(process.env.FOO_BAR);
}
```

That ought to do.
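A check a deployment test could run for the leak described in the answer above, as an added example that is not part of the thread: it searches a rendered response body for the values of server-only environment variables. `findLeakedEnv`, `encodings`, the sample bodies and the `FOO_BAR` value are constructed for illustration, and the script payload is a simplified stand-in for serialized client-component props, not real Next.js output.

```javascript
// Names with this prefix are inlined into the browser bundle by Next.js on purpose.
const PUBLIC_PREFIX = "NEXT_PUBLIC_";
// Skip short values such as "1" or "true" that would match by accident.
const MIN_LENGTH = 8;

// Forms a string value can take once it is serialized into a response.
function encodings(value) {
  const json = JSON.stringify(value).slice(1, -1);   // inside a JSON string
  const nested = JSON.stringify(json).slice(1, -1);  // JSON inside a JS string literal
  const html = value.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");    // inside HTML text or attributes
  return [...new Set([value, json, nested, html])];
}

// Returns the names of server-only variables whose value appears in `body`.
function findLeakedEnv(env, body) {
  const leaked = [];
  for (const [name, value] of Object.entries(env)) {
    if (name.startsWith(PUBLIC_PREFIX)) continue;
    if (typeof value !== "string" || value.length < MIN_LENGTH) continue;
    if (encodings(value).some((form) => body.includes(form))) leaked.push(name);
  }
  return leaked;
}

// Constructed sample environment; SECRET_KEY is the value from the question's .env.
const sampleEnv = {
  SECRET_KEY: "longsecretkeywith32chars",
  FOO_BAR: 'api-"token"-0000',
  NEXT_PUBLIC_SITE: "https://example.test",
  DEBUG: "1",
};

// Constructed body for a page that passes the secret as a prop to a client component.
const leakyBody = String.raw`<form></form><script>payload.push("{\"mySecretKey\":\"longsecretkeywith32chars\"}")</script>`;

// Constructed body for a page that only references a server function by name.
const safeBody = String.raw`<a href="https://example.test">1</a><script>payload.push("{\"action\":\"doSendMail\"}")</script>`;

console.log(findLeakedEnv(sampleEnv, leakyBody)); // SECRET_KEY is reported
console.log(findLeakedEnv(sampleEnv, safeBody));  // nothing is reported
```

Run against the HTML of every route in a CI step, a non-empty result means a server-only value crossed into a client component's props or markup.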
-
Summary
Hey guys, I need some help for the following case.
Suppose I have the following structure
I also have an .env file with a secret key
SECRET_KEY=longsecretkeywith32chars
Now in page.jsx, which is a server component, I have
The Contact component is a client component
Now the question is: can the value of SECRET_KEY (which is passed as prop) here somehow be exposed/intercepted/read by a malicious client activity (so that they will get longsecretkeywith32chars)?
If so, how would that work?
What would a more secure solution look like?
Thanks for your help!
Additional information
No response
Example
No response