Secrets Exposure
- Vulnerable
- Solution 1
- Solution 2

API code: pages/api/example-5-secrets-exposure/solution-2.ts
The following API key must be "undefined" in the frontend, regardless of which user accesses the page:
process.env.API_KEY:
API results fetched using the process.env.API_KEY variable:
{ "page": 1, "per_page": 6, "total": 12, "total_pages": 2, "data": [ { "id": 1, "name": "cerulean", "year": 2000, "color": "#98B2D1", "pantone_value": "15-4020" }, { "id": 2, "name": "fuchsia rose", "year": 2001, "color": "#C74375", "pantone_value": "17-2031" }, { "id": 3, "name": "true red", "year": 2002, "color": "#BF1932", "pantone_value": "19-1664" }, { "id": 4, "name": "aqua sky", "year": 2003, "color": "#7BC4C4", "pantone_value": "14-4811" }, { "id": 5, "name": "tigerlily", "year": 2004, "color": "#E2583E", "pantone_value": "17-1456" }, { "id": 6, "name": "blue turquoise", "year": 2005, "color": "#53B0AE", "pantone_value": "15-5217" } ], "support": { "url": "https://contentcaddy.io?utm_source=reqres&utm_medium=json&utm_campaign=referral", "text": "Tired of writing endless social media content? Let Content Caddy generate it for you." } }
The following users should not contain the "passwordHash" property, regardless of which user tries to access the page:
[ { "id": 1, "username": "alice" }, { "id": 2, "username": "bob" } ]
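
The two requirements above can be met by doing the keyed request and the field filtering on the server and sending only the results to the browser. The following is an added example, not the contents of solution-2.ts: every name in it (`StoredUser`, `toPublicUser`, `buildPayload`, `leaks`) and all sample data are hypothetical, and the environment is passed in as a parameter where an API route would pass `process.env`.

```typescript
type StoredUser = { id: number; username: string; passwordHash: string };
type PublicUser = { id: number; username: string };

// Allowlist: copy only the fields the client may see, so a field added to
// the stored record later is not exposed by default.
function toPublicUser(u: StoredUser): PublicUser {
  return { id: u.id, username: u.username };
}

// The upstream call is injected so the example runs offline (assumption).
type Upstream = (apiKey: string) => unknown;

// Server-side only: the key is read and used here and never returned.
function buildPayload(
  env: Record<string, string | undefined>,
  users: StoredUser[],
  callUpstream: Upstream,
): { apiResults: unknown; users: PublicUser[] } {
  const apiKey = env.API_KEY;
  if (!apiKey) throw new Error("API_KEY is not set on the server");
  return {
    apiResults: callUpstream(apiKey), // only the upstream result leaves
    users: users.map(toPublicUser),
  };
}

// Regression check: list every secret value or forbidden property name
// that appears in the serialized response.
function leaks(payload: unknown, secrets: string[], forbiddenKeys: string[]): string[] {
  const json = JSON.stringify(payload);
  const found = secrets.filter((s) => s.length > 0 && json.includes(s));
  for (const k of forbiddenKeys) if (json.includes(`"${k}":`)) found.push(k);
  return found;
}

// Constructed sample data.
const sampleEnv = { API_KEY: "constructed-key-123" };
const sampleUsers: StoredUser[] = [
  { id: 1, username: "alice", passwordHash: "constructed-hash-a" },
  { id: 2, username: "bob", passwordHash: "constructed-hash-b" },
];
const safe = buildPayload(sampleEnv, sampleUsers, () => ({ page: 1, total: 12 }));
const unsafe = { apiKey: sampleEnv.API_KEY, users: sampleUsers }; // what not to send
console.log(leaks(safe, [sampleEnv.API_KEY], ["passwordHash"]));
console.log(leaks(unsafe, [sampleEnv.API_KEY], ["passwordHash"]));
```

A check like `leaks` fits in an integration test that calls the real route and fails the build if the response body contains the key or a `passwordHash` property.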