cfweb3 icon indicating copy to clipboard operation
cfweb3 copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Infura API key is exposed

Open BoxedFruits opened this issue 3 years ago • 1 comments
trafficstars

https://github.com/cloudflare/cfweb3/blob/c4e627627732edfadcaccd90b5656b0b3c54c43c/contract/hardhat.config.js#L22

Its probably very unlikely that the Infura account that is linked to this key is not on the free tier but on the small chance that it is, someone could use it for their own nefarious purposes.

Suggestion: There could be added documentation for a user to set up an Infura account to get their own API key and possibly use dotenv instead to handle environment variables. Let me know what y'all think and I could open up a PR :)

BoxedFruits avatar Dec 07 '21 03:12 BoxedFruits

From my testing, dotenv variables, even when using the REACT_APP_ prefix, are not hidden/secure when using Cloudflare Pages. I assume this is a limitation of Cloudflare Pages.

MachineITSvcs avatar Apr 10 '22 00:04 MachineITSvcs