DEV Community

Discussion on: How To Get a Comment Section On Your Static Site

Collapse
 
umaralam48 profile image
Mohd Umar Alam

The page script can be accessed and hence the ClientID and Clientsecret. Doesn't that pose any security issues?

Collapse
 
firozansari profile image
Firoz Ansari

I have the same concern. Exposing Github clientSecret token on the frontend has never been a good idea.

Collapse
 
brianemilius profile image
Brian Emilius

Requests to a github app are limited to the scope of the domain the app is created for, so it really doesn't matter. The app will only accept requests from the domain(s) it was created for.