|
|
|
|
|
|
by stuartromanek
704 days ago
|
|
|
Hello, I'm really sorry you had this unexpected exposure using ApostropheCMS. As you've mentioned, this data sharing was noted in the documentation but can still prove surprising. A note for future researchers: the currently supported major version of Apostrophe no longer behaves in this way. Any data injection to the logged-out front-end would be a choice made at the developer level, specifically to avoid this sort of surprise. That said, there are still use cases for including API keys as part of the configuration and 'content' of certain types of widgets. For context, I am the head of design at Apostrophe and also play an engineering role. |
|
|
Overall it's a great & in current headless craze a unique product. V3 looks very good, but we never got that in production.