英文:
Why my env reactjs exposed on script chunk.js
问题
以下是代码部分的翻译:
我有一个使用react-app-rewire的reactjs应用,但在构建/运行后,我发现env在main.chunk.js中被暴露出来,我期望env将被加密或混淆,而不会明确地显示为一个对象。
package.json中的脚本如下:
"scripts": {
"start": "react-app-rewired start",
"build": "GENERATE_SOURCEMAP='false' INLINE_RUNTIME_CHUNK='false' react-app-rewired build",
"test": "react-app-rewired test",
"analyze": "source-map-explorer 'build/static/js/*.js'",
"eject": "react-scripts eject",
"prod": "yarn run build && serve build",
"lint": "eslint \"./**/*.{js,jsx}\"",
"lint:fix": "npm run lint -- --fix",
"format": "prettier --write \"**/*.+(js|jsx|json|css|md)\"",
"prepare": "husky install",
"doc": "jsdoc -c jsdoc.json"
}
如何修复这个问题?
英文:
I have reactjs app using react-app-rewire but after im build / running i saw that env was exposed on main.chunk.js, im expected that env will be encrypted or obfuscated not clearly saw as an object
this script on package.json
"scripts": {
"start": "react-app-rewired start",
"build": "GENERATE_SOURCEMAP='false' INLINE_RUNTIME_CHUNK='false' react-app-rewired build",
"test": "react-app-rewired test",
"analyze": "source-map-explorer 'build/static/js/*.js'",
"eject": "react-scripts eject",
"prod": "yarn run build && serve build",
"lint": "eslint \"./**/*.{js,jsx}\"",
"lint:fix": "npm run lint -- --fix",
"format": "prettier --write \"**/*.+(js|jsx|json|css|md)\"",
"prepare": "husky install",
"doc": "jsdoc -c jsdoc.json"
},
How to fix this ?
答案1
得分: 2
环境变量始终在 DOM 中可用。React 应用程序是单页面的,所有内容都最终在用户的浏览器中加载。文档建议不要在 React 应用程序中存储机密信息。
https://create-react-app.dev/docs/adding-custom-environment-variables/
英文:
The environment variables are always going to be available in the DOM. React applications are single page and everything ends up in the users browser. The docs say not to store secrets in a react app.
https://create-react-app.dev/docs/adding-custom-environment-variables/
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论