Schema introspection fails without hasura admin secret

[DVGY]

If I don't provide hasura admin secret, the query fails for introspection. I read that admin secret should not be sent via client side app.

Is this true or I am doing something wrong ?

function App({ msalInstance }: AppProps) {
  const [dataProvider, setDataProvider] = useState<DataProvider | null>(null);

  useEffect(() => {
    const buildDataProvider = async () => {
      const dataProvider = await buildHasuraProvider({
        clientOptions: {
          uri: 'http://localhost:8080/v1/graphql',
          headers: {
  
            Authorization: `Bearer ${getBearerToken(msalInstance)}`,
            // 'X-Hasura-Admin-Secret': envs.hasuraAdminSecret,
     
            'X-Hasura-Role': 'gc',
          },
        },
      });
      setDataProvider(() => dataProvider);
    };
    buildDataProvider();
  }, []);

  if (!dataProvider) return <p>Loading...</p>;

  return (
    <MsalProvider instance={msalInstance}>
      <Admin
        dashboard={Dashboard}
        dataProvider={dataProvider}
        authProvider={authProvider}
        i18nProvider={i18nProvider}
        layout={CustomLayout}
        loginPage={MSALLogin}
      >
        <Resource name={Resources.USERS} list={ListGuesser} />
        <Resource name={Resources.PROJECTS} list={ProjectList} />
      </Admin>
    </MsalProvider>
  );
}

export default App;

{operationName: "IntrospectionQuery", variables: {},…}
operationName
: 
"IntrospectionQuery"
query
: 
"query IntrospectionQuery {\n  __schema {\n    queryType {\n      name\n      __typename\n    }\n    mutationType {\n      name\n      __typename\n    }\n    subscriptionType {\n      name\n      __typename\n    }\n    types {\n      ...FullType\n      __typename\n    }\n    directives {\n      name\n      description\n      locations\n      args {\n        ...InputValue\n        __typename\n      }\n      __typename\n    }\n    __typename\n  }\n}\n\nfragment FullType on __Type {\n  kind\n  name\n  description\n  fields(includeDeprecated: true) {\n    name\n    description\n    args {\n      ...InputValue\n      __typename\n    }\n    type {\n      ...TypeRef\n      __typename\n    }\n    isDeprecated\n    deprecationReason\n    __typename\n  }\n  inputFields {\n    ...InputValue\n    __typename\n  }\n  interfaces {\n    ...TypeRef\n    __typename\n  }\n  enumValues(includeDeprecated: true) {\n    name\n    description\n    isDeprecated\n    deprecationReason\n    __typename\n  }\n  possibleTypes {\n    ...TypeRef\n    __typename\n  }\n  __typename\n}\n\nfragment InputValue on __InputValue {\n  name\n  description\n  type {\n    ...TypeRef\n    __typename\n  }\n  defaultValue\n  __typename\n}\n\nfragment TypeRef on __Type {\n  kind\n  name\n  ofType {\n    kind\n    name\n    ofType {\n      kind\n      name\n      ofType {\n        kind\n        name\n        ofType {\n          kind\n          name\n          ofType {\n            kind\n            name\n            ofType {\n              kind\n              name\n              ofType {\n                kind\n                name\n                ofType {\n                  kind\n                  name\n                  ofType {\n                    kind\n                    name\n                    __typename\n                  }\n                  __typename\n                }\n                __typename\n              }\n              __typename\n            }\n            __typename\n          }\n          __typename\n        }\n        __typename\n      }\n      __typename\n    }\n    __typename\n  }\n  __typename\n}"
variables
: 
{}

{errors: [{message: "x-hasura-admin-secret/x-hasura-access-key required, but not found",…}]}
errors
: 
[{message: "x-hasura-admin-secret/x-hasura-access-key required, but not found",…}]
0
: 
{message: "x-hasura-admin-secret/x-hasura-access-key required, but not found",…}
extensions
: 
{path: "$", code: "access-denied"}
message
: 
"x-hasura-admin-secret/x-hasura-access-key required, but not found"