I'm by no means an expert on Google API tokens, but it doesn't seem great that they're exposed to the client as a matter of course. I think there's a couple of things that could be done to reduce the risk that exposing the token poses:

- Add more detailed README text specifying that the Google token generated should be restricted to the Google Fonts API being called from their specific website (I realise that advising people on how to configure API tokens isn't really your problem, but I do think it would help people to use your component properly)
- Consider an alternative to specifying the API token in the code directly - maybe it could be a function that retrieves the data some other way (e.g. calling to a backend server that holds the API token and proxies the request)?
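
The backend-proxy option suggested in the issue above, sketched as an added example that is not part of the original issue or the project's code. It assumes a Node.js server, a hypothetical `/fonts` route and a hypothetical `GOOGLE_FONTS_API_KEY` environment variable; the upstream URL is the public Google Fonts Developer API endpoint.

```javascript
// Added example, not the project's code. Endpoint path "/fonts" and the
// GOOGLE_FONTS_API_KEY variable name are assumptions made for illustration.
const UPSTREAM = "https://www.googleapis.com/webfonts/v1/webfonts";
const ALLOWED_SORT = new Set(["alpha", "date", "popularity", "style", "trending"]);
const UNAVAILABLE = { status: 502, body: JSON.stringify({ error: "font list unavailable" }) };

// Build the upstream URL from an allowlist. Anything else the client sent,
// including its own "key" parameter, is dropped, so the proxy cannot be
// steered to another host or made to spend the key on arbitrary queries.
function buildUpstreamUrl(clientQuery, apiKey) {
  const url = new URL(UPSTREAM);
  const sort = clientQuery.get("sort");
  if (sort !== null && ALLOWED_SORT.has(sort)) url.searchParams.set("sort", sort);
  url.searchParams.set("key", apiKey);
  return url;
}

// Fetch the font list server-side and return only the fields a font picker
// needs. fetchImpl is injectable so the function can be exercised offline.
async function proxyFonts(clientQuery, apiKey, fetchImpl = fetch) {
  try {
    const upstream = await fetchImpl(buildUpstreamUrl(clientQuery, apiKey));
    // Upstream error bodies are not relayed: they may echo request details.
    if (!upstream.ok) return UNAVAILABLE;
    const data = await upstream.json();
    const items = (data.items || []).map(({ family, category, variants }) =>
      ({ family, category, variants }));
    return { status: 200, body: JSON.stringify({ items }) };
  } catch {
    return UNAVAILABLE; // network failure: generic error, no URL in the message
  }
}

// Minimal Node HTTP wiring; the key is read from the server's environment.
async function serve(port = 3000) {
  const http = await import("node:http");
  const apiKey = process.env.GOOGLE_FONTS_API_KEY;
  if (!apiKey) throw new Error("GOOGLE_FONTS_API_KEY is not set");
  return http.createServer(async (req, res) => {
    const { pathname, searchParams } = new URL(req.url, "http://localhost");
    if (req.method !== "GET" || pathname !== "/fonts") {
      res.writeHead(404).end();
      return;
    }
    const out = await proxyFonts(searchParams, apiKey);
    res.writeHead(out.status, { "Content-Type": "application/json" }).end(out.body);
  }).listen(port, "127.0.0.1");
}
```

With this in place the browser component requests `/fonts` from its own origin, and a key held only on the server can be restricted by server IP address rather than by HTTP referrer.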