You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
All vite environment variables can be private by default. But by using VITE_PUBLIC, they can be exposed to the browser as well.
Describe alternatives you've considered
In the meantime, I'm likely just going to use this system myself and be careful to not reveal private variables in the browser.
How important is this feature to you?
Fairly important. Keeping API secrets a secret is quite important, and if the framework were to do that automatically, it saves lots of time double-checking "is the code only running on the server?" as well as removes all potential for human error.
The text was updated successfully, but these errors were encountered:
I'm going to close this in favor of vitejs/vite#3176. We'd like all environment variables to be exposed on the server and the VITE_ ones globally available
Is your feature request related to a problem? Please describe.
Currently, all environment variables can be exposed in the browser. As per the Vite docs:
This exposes a potential security risk with API secrets.
Describe the solution you'd like
Next.js has an elegant solution where are not exposed to the browser by default. To make an environment variable public, it needs to begin with
NEXT_PUBLIC
.A similar solution would work really well.
All vite environment variables can be private by default. But by using
VITE_PUBLIC
, they can be exposed to the browser as well.Describe alternatives you've considered
In the meantime, I'm likely just going to use this system myself and be careful to not reveal private variables in the browser.
How important is this feature to you?
Fairly important. Keeping API secrets a secret is quite important, and if the framework were to do that automatically, it saves lots of time double-checking "is the code only running on the server?" as well as removes all potential for human error.
The text was updated successfully, but these errors were encountered: