ENV variables in client

[saeho]

So, by now I understood that .env files can only be read on the front-end server because Deno is not available on the client side...

So, now how am I suppose to create secrets for my app or have environment variables or detect if it's in development or production mode on the client side?

I looked everywhere in the docs but couldn't find an answer.

Any help would be appreciated.

[miguelrk]

IIRC, @marvinhagemeister has argumented against supporting a way to access env variables from the browser/client before, due primarily to security concerns. Currently, you would need to e.g. proxy requests via a server route/endpoint which injects these. Other full-stack frameworks do support exposing certain env variables to the client, and I think they are indeed valid use cases for this, but don't think it's in scope for Fresh 2.0.

[saeho]

gotcha. since client side is never secure anyways, I think this is fine.

[saeho]

one more question. how do I jumble/minify my development app/production deployment so the code and CSS cannot be human-read easily?

[marvinhagemeister]

JS code is automatically minifed in Fresh. Note that obfuscation is never an adequate security measure. If you are worried about leaking sensitive code, you should never sent it to the browser in the first place.

[saeho]

Not worried about leaking sensitive code. I'm more worried about people using front-end scripting to hack the web socket. I'm making a new app and it happened before in my other app.