Authorization header visible in static generation

Hello,

I’m extremely grateful for your module, thanks a lot.

I’m using it with a headless CMS (Directus) and nuxt generate for a full static website. As I’m using nuxt generate, I thought a static header Bearer static_token with read-only access would be enough.

While inspecting the generated code, I noticed that the GraphQL endpoint and all the conf is visible, including the authorization header.

I’m wondering if it’s an expected behaviour or if I’m supposed to try and hide that information, or if it should not be rendered at all as no communication is made between the website and the CMS (except during generate)…

Thanks!

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 9 (5 by maintainers)

Top GitHub Comments

1 reaction
narduin commented, Aug 4, 2022

Hey @nonlinearcom, I’ve been using this method on a couple of websites without any drawbacks so far:

  • create a new role “read-only”
  • allow read rights to every custom collection and to the Directus files collection (no app access)
  • create a new user in Directus
  • give it the role of “read-only”
  • create a token for it

The token is visible in the source code but it’s just a read token so… I guess it’s ok 😃

0 reactions
Slgoetz commented, Nov 7, 2022

It should still work on dev.
