📅  最后修改于: 2022-03-11 14:58:47.732000             🧑  作者: Mango
WARNING: Do not store any secrets (such as private API keys) in your React
app! (source: https://create-react-app.dev/docs/adding-custom-environment-variables)
Reason: Environment variables are embedded into the build, meaning anyone can view them
by inspecting your app's files.
Unfortunately, keeping any key in your React client, even if you are using
gitignore and an .env file, is not secure.
Solution: You should really only save API keys or secrets in your backend such
as Node / Express. You can have your client send a request to your backend API,
which can then make the actual API call with the API key and send the data back
to your client.