Public environment variables
ollebergkvist opened this issue · 0 comments
ollebergkvist commented
Using publicly exposed environment variables for the access token and store domain is not a good idea as they will be included in the build and are easily accessed by the client.
Hence, createCheckout and updateCheckout in src/lib/shopify.ts should be moved to api routes as they are run client-side.
The other queries are run server-side (getStaticProps), so they can utilize env variables.
Maybe that was mentioned in the course, but I believe a lot of people might use this project as a starting template. So maybe it's important to mention it somewhere in the readme.
Great material otherwise, I learned a lot from just exploring the repo.