N
Nuxtβ€’6mo ago
Muhammad Awais

Run time config visible in page source

Hi everyone, I'm using public runtime config to store base url of my backend application but client doesn't want the url to be visible in the page source. Nuxt attaches public configs to window object and those are visible in page source. What can be the better way to sotre base url. I'm using graphql.
11 Replies
Nasr galal
Nasr galalβ€’6mo ago
export default defineNuxtConfig({
  runtimeConfig: {
    // Private keys are only available on the server
    apiSecret: '123',

    // Public keys that are exposed to the client
    public: {
      apiBase: process.env.NUXT_PUBLIC_API_BASE || '/api'
    }
  }
})
export default defineNuxtConfig({
  runtimeConfig: {
    // Private keys are only available on the server
    apiSecret: '123',

    // Public keys that are exposed to the client
    public: {
      apiBase: process.env.NUXT_PUBLIC_API_BASE || '/api'
    }
  }
})
manniL
manniLβ€’6mo ago
https://www.youtube.com/watch?v=2tKOZc3Z1dk
Alexander Lichter
YouTube
Is Nuxt 3's runtimeConfig UNSAFE?!
πŸ” Are you a Nuxt 3 user already and use API keys in your project? In this video, we dive deep into Nuxt 3's runtimeConfig to explore its potential security implications if handled wrongly. Is it safe to use, or are there hidden risks you need to be aware of? πŸ€”πŸ‘‰ runtimeConfig is a powerful feature in Nuxt 3 that allows you to manage configurati...
Nasr galal
Nasr galalβ€’6mo ago
@manniL / TheAlexLichter Well explained! I see number 4 on the bulb behind you, does that refer to Nuxt 4 πŸ˜„ ?
manniL
manniLβ€’6mo ago
Hidden clues everywhere πŸ˜› But no, it is because an "A" and an "L" are a bit hidden in there πŸ‘€
Nasr galal
Nasr galalβ€’6mo ago
Hahahahaha πŸ˜„ oh yeah, playing a lot of games makes us think about hidden clues πŸ˜„
Muhammad Awais
Muhammad AwaisOPβ€’6mo ago
All these things gonna attach env variable to NUXT I know there are ways to see env variables but I don't want it to visible in the page source where it is seen attached with NUXT
manniL
manniLβ€’6mo ago
put them not in public, but then they can only be accessed during SSR πŸ™‚ Also explained that in above video
LazyDali
LazyDaliβ€’6mo ago
I thought I saw the A and L but I was not certain. Nice idea!
Muhammad Awais
Muhammad AwaisOPβ€’6mo ago
Thanks for the reply, I have another question, I have seen your api proxy video that was really helpful but I wanted to ask is their any way to proxy image src urls?
manniL
manniLβ€’6mo ago
should work the same way πŸ€”
Muhammad Awais
Muhammad AwaisOPβ€’6mo ago
yes worked thanks
Want results from more Discord servers?
Add your server