In this repository, it is recommended to add cloud_name, api_key and api_secret to the file signed-uploads/public/js/config.js. I found this surprising, since the contents of the public folder are published by express. Would it not be safer to keep these secrets hidden?
In this repository, it is recommended to add
cloud_name,api_keyandapi_secretto the filesigned-uploads/public/js/config.js. I found this surprising, since the contents of thepublicfolder are published by express. Would it not be safer to keep these secrets hidden?