javascript - Dumb question: Concern regarding using backend server's REST API in React app
问题描述
Like in order to connect(basically making request's) our React app to our backend server we have to use backend REST API, like logging in user, fetching data from the backend.
But wouldn't using REST API on the React components make API available to every user and any malicious mind could create chaos or make unnecessary requests to the server(like using Postman).
Is there any way to hide API keys, I've seen another answer to a similar question on 'How to hide API Keys' but there's not a clear answer, some saying to prepend API with REACT_APP_ in a dotenv file but some saying this is not safe, although I've tried prepending REACT_APP_ but still API is visible on the front end.
Is there a solution available to this problem?
解决方案
在您的 react 应用程序中使用 REST API 不会向公众公开这些端点。凭借现有的 REST API,这些端点已经向公众公开,公众中的任何人都可以使用它们。确保这些端点被锁定和安全(需要身份验证等)是服务器的工作,而不是客户端。
推荐阅读
- odoo - 如何在函数中获取字段的旧值 - Odoo12
- c# - 如何将包含一些常见数据的多个集合保存到数据库?
- android - 远程显示 API 是否已弃用?是否可以从 Android 应用程序直接在 Chromecast 显示器上绘图?
- android - E/CheckPermission: Permission Denial: can't use real_camera takePicture
- laravel - Laravel 5.8 在一个视图中处理所有错误
- algorithm - 就复杂性而言,哪种算法更好(以及为什么)
- javascript - 在javascript中检查是否为空
- javascript - 使用 ngModel 时类型上不存在属性
- java - Google电子表格更新列中的数据格式
- java - 实例化子类的对象时是否隐式创建父类的对象