Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Infura API key is exposed #26

Open
BoxedFruits opened this issue Dec 7, 2021 · 1 comment
Open

Infura API key is exposed #26

BoxedFruits opened this issue Dec 7, 2021 · 1 comment

Comments

@BoxedFruits
Copy link

cfweb3/contract/hardhat.config.js

Line 22 in c4e6276

url: "https://mainnet.infura.io/v3/5707a1c75350408cb408cba40175e252",

Its probably very unlikely that the Infura account that is linked to this key is not on the free tier but on the small chance that it is, someone could use it for their own nefarious purposes.

Suggestion:
There could be added documentation for a user to set up an Infura account to get their own API key and possibly use dotenv instead to handle environment variables. Let me know what y'all think and I could open up a PR :)
@MachineITSvcs
Copy link

MachineITSvcs commented Apr 10, 2022
edited
Loading

From my testing, dotenv variables, even when using the REACT_APP_ prefix, are not hidden/secure when using Cloudflare Pages. I assume this is a limitation of Cloudflare Pages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MachineITSvcs @BoxedFruits