0

I'm building a Nuxt 3 app, but I have a problema with .env file.
In production if I navigate www.mydomain.com/.env i can see al sensible data like API key.

I'trying to use runtimeConfig with apiSecret like this

runtimeConfig: {


// Keys within public, will be also exposed to the client-side
apiSecret: {
    //stripe_pk: process.env.STRIPE_PK,
    //client_id: process.env.CLIENT_ID,
 api_key: example

},

but I encountered the same problem. Where is the mistake?

kissu
  • 40,416
  • 14
  • 65
  • 133
Giampy71
  • 137
  • 1
  • 5
  • Gave a try to [that one](https://stackoverflow.com/a/67705541/8816585)? It also depends on where you're calling it, more details are overall welcome. – kissu Feb 16 '23 at 17:31

1 Answers1

0

It is problem of your production server. In server config u should disble access to .env file.

Example for nginx:

server {
    ...
    location ~ /\.(?!well-known).* {
        deny all;
        access_log off;
        log_not_found off;
    }
    ...
}
Alexey
  • 82
  • 2