Security

Environment Variables

The .env file in the root of the project is used for all packages. When you run a dev, build or other script, dotenv loads the variables into the environment.

⚠️ Do not commit your tokens and keys into the repository. Use the gitignored .env files.

⚠️ Variables prefixed with NEXT_PUBLIC_ are available on the client, so do not put anything secret in there.
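The check below is an added example, not part of the project's code: it parses .env-style text and reports NEXT_PUBLIC_ variables that look like secrets, which makes it usable as a pre-commit or CI gate. The name and value heuristics, the function names and the sample input are assumptions made for illustration.

```javascript
// Added example: flag likely secrets exposed through the NEXT_PUBLIC_ prefix.
// The name/value heuristics below are assumptions; tune them for your project.
const SECRET_NAME = /(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|CREDENTIAL)/i;
const SECRET_VALUE = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;

// Minimal dotenv-style parser: KEY=VALUE lines, optional "export", # comments, quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = value.match(/^(['"])(.*)\1$/);
    if (quoted) value = quoted[2];
    else value = value.replace(/\s+#.*$/, ''); // strip trailing comment on unquoted values
    vars[m[1]] = value;
  }
  return vars;
}

// Returns findings for client-exposed variables that look secret.
function findExposedSecrets(text) {
  const findings = [];
  for (const [name, value] of Object.entries(parseEnv(text))) {
    if (!name.startsWith('NEXT_PUBLIC_')) continue; // not exposed to the client
    if (SECRET_NAME.test(name)) findings.push({ name, reason: 'secret-like name' });
    else if (SECRET_VALUE.test(value)) findings.push({ name, reason: 'private key material' });
  }
  return findings;
}

// Constructed sample input, not taken from the project.
const SAMPLE_ENV = `
# server-only
DATABASE_PASSWORD="example-only"
NEXT_PUBLIC_SITE_URL=https://example.test
NEXT_PUBLIC_API_TOKEN=example-only   # flagged: name contains TOKEN
export NEXT_PUBLIC_SIGNING = '-----BEGIN PRIVATE KEY-----example'
`;

console.log(findExposedSecrets(SAMPLE_ENV));
```

A name-based heuristic misses secrets stored under innocuous names, so treat a clean result as a floor, not as proof that nothing sensitive is exposed.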

Security Headers

As an extra measure, additional security headers are added to the web app to mitigate some risk. See the headers() property in apps/webbasic/next.config.js.

You can validate the headers by using these free tools