隐藏内容空间id和访问令牌，客户端javascript文件 [英] Hiding contentful Space id and access token, client side javascript file

问题描述

我是满足的新手，我正在尝试将内容从内容显示到网页。我正在使用contentful.js显示内容，我想知道当我在js文件中使用它来显示网页中的内容时，如何从公共用户隐藏这些信息（空间ID和访问令牌值）。下面是我在主Js文件中使用的Javascript代码，用于在html文件中显示内容。

I am new in contentful and I am trying to display content from contentful to a web page. I am displaying the content using contentful.js, I wanted to know How can i hide these information(space id and access token values) from public users when i am using it in a js file to display contents in a web page. Below is the Javascript code which i am using in main Js file to display the content in html file.

var client = contentful.createClient({
  accessToken: 'b4c0n73n7fu1',
  space: 'cfexampleapi'
});

client.entries()
.then(function (entries) {
  // log the file url of any linked assets on image field name
  entries.forEach(function (entry) {
    if(entry.fields.SampleContent) {
      document.getElementById('sample_content_block').innerHTML = entry.fields.SampleContent;
    }
  })
})

提前致谢！

推荐答案

有几种不同的方法可以做到这一点。最简单的方法是将您的空间ID和accessToken移动到环境变量中。看看这篇关于如何使用Javascript进行操作的媒体帖子： https://medium.com/ibm-watson-data-lab/environment-variables-or-keeping-your-secrets-secret-in -a节点-JS-APP-99019dfff716 。

There a few different ways that you could do this. The easiest way would be to move your space ID and accessToken into an environment variable. Take a look at this medium post on how to do that with Javascript: https://medium.com/ibm-watson-data-lab/environment-variables-or-keeping-your-secrets-secret-in-a-node-js-app-99019dfff716.

然后在您的托管服务提供商处，您可以将环境变量设置为这些变量，您的代码就可以使用它们。

Then on your hosting provider, you'd be able to set the environment variable as those variables and your code would be able to utilize them.

值得注意的是，您在Contentful上添加的所有内容都被认为是只读的。公开您的Content Delivery API密钥（您的示例中的访问密钥）和您的空间ID不是以共享替代服务的API密钥的方式结束世界的。使用您发布的CDA密钥不会允许某人编辑您在Contentful上存储的任何数据，只是为了阅读它。

Something interesting to note is that all the content that you put onto Contentful is assumed to be read-only. Exposing your Content Delivery API key (the access key in your example) and your space ID isn't the end of the world in a way that sharing an API Key for an alternative service can be. Using that CDA Key you posted wouldn't enable someone to edit any of the data you have stored on Contentful, just to read it.

但是，您希望确保不公开CMA密钥（内容管理API密钥），因为这样可以让人们在Contentful中编辑和更改您的内容。

However, you want to make sure you don't expose your CMA Key (Content Management API Key) as that would allow people to edit and change your content in Contentful.

这篇关于隐藏内容空间id和访问令牌，客户端javascript文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！