Security Concern #258

Open
cayter opened this issue Jan 1, 2025 · 2 comments

cayter commented Jan 1, 2025

According to https://axiom.co/docs/send-data/nextjs, we have to:

  1. Create an API token in Axiom with permissions to create, read, update, and delete datasets.
  2. Configure NEXT_PUBLIC_AXIOM_DATASET and NEXT_PUBLIC_AXIOM_TOKEN to the API token from step 1.

Doesn't NEXT_PUBLIC_ expose the secrets in the browser, which also means our logs can be CRUD by malicious users?

Collaborator

dasfmi commented Jan 6, 2025

Hi @cayter, that's a mistake in the docs; you only need an ingest permission. I will update the docs. Nonetheless, you're right regarding leaking the token; we have an in-progress PR to make the library send logs through the backend only.

Author

cayter commented Jan 7, 2025

Oh noted thx a lot!
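
Added example, not part of the thread or of the project's code: Next.js inlines every `NEXT_PUBLIC_`-prefixed variable into the JavaScript bundle served to the browser, so a build-time check can flag such variables whose names look like credentials. The function names, the name patterns, and the sample `.env` content are assumptions constructed for illustration.

```javascript
// Flag browser-exposed env vars that look like credentials.
// Name patterns are a heuristic chosen for this example, not an official list.
const SECRET_HINTS = /(TOKEN|SECRET|PASSWORD|PASSWD|PRIVATE|API_?KEY|CREDENTIAL)/i;

// Parse dotenv-style text into [name, value] pairs.
// Handles blank lines, comments, an optional `export` prefix and quoted values.
function parseEnv(text) {
  const pairs = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    else value = value.replace(/\s+#.*$/, ""); // drop trailing comment on unquoted values
    pairs.push([m[1], value]);
  }
  return pairs;
}

// Return the names of NEXT_PUBLIC_ variables that are set and have secret-like names.
function findExposedSecrets(envText) {
  return parseEnv(envText)
    .filter(([name, value]) => name.startsWith("NEXT_PUBLIC_") && value !== "")
    .filter(([name]) => SECRET_HINTS.test(name))
    .map(([name]) => name);
}

// Constructed sample input, not taken from any real project.
const SAMPLE_ENV = `
# logging
NEXT_PUBLIC_AXIOM_DATASET=web-logs
NEXT_PUBLIC_AXIOM_TOKEN="constructed-placeholder-token"
AXIOM_TOKEN=constructed-server-only-token
export NEXT_PUBLIC_SITE_URL=https://example.test  # public by design
NEXT_PUBLIC_STRIPE_API_KEY=
`;

const findings = findExposedSecrets(SAMPLE_ENV);
if (findings.length > 0) {
  console.log("Browser-exposed variables with secret-like names: " + findings.join(", "));
}
```

A name-based check only catches variables that follow a naming convention; a token stored under a neutral name still ends up in the bundle.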
