.env variables showing in HTML page source on React site
I got a site based on the React-Starter-Kit site running locally and online, I can log in and out of both.
I hosted the site at Vercel where I had to copy the variables in my local .env file into Settings>EnvironmentVariables and I changed the URL.
But I notice that when someone wants to find out my Kinde clientId from my env variables on my online site, they simply need to View Page Source, search for "clientId" and it is shown in plain text.
Can this be prevented, or is this just a security issue we have to live with unless we use a server-side solution like Next.js, etc.?
I hosted the site at Vercel where I had to copy the variables in my local .env file into Settings>EnvironmentVariables and I changed the URL.
But I notice that when someone wants to find out my Kinde clientId from my env variables on my online site, they simply need to View Page Source, search for "clientId" and it is shown in plain text.
Can this be prevented, or is this just a security issue we have to live with unless we use a server-side solution like Next.js, etc.?
