Secrets Exposure
- Vulnerable
- Solution 1
- Solution 2 - API code:
pages/api/example-5-secrets-exposure/solution-2.ts
The following API key should not be any value other than "undefined" in the frontend regardless of which user tries to access the page:
process.env.API_KEY:
Show API results fetched using the process.env.API_KEY variable
{
"error": "Missing API key.",
"how_to_get_one": "https://reqres.in/signup"
}The following users should not contain the "passwordHash" property, regardless of which user tries to access the page:
[
{
"id": 1,
"username": "alice"
},
{
"id": 2,
"username": "bob"
}
]