github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12461 from jamauro/patch-2

Browse Source 
Update security.md
This commit is contained in:
Gabriel Grubba
2023-04-04 09:44:22 -03:00
committed by GitHub
parent 7f4a141607 52c30393f7
commit 86b2e595bc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
guide/source/security.md
View File

@@ -365,7 +365,7 @@ Meteor.users.methods.updateMMR = new ValidatedMethod({
});
```
Note that while the Method is defined on the client, the actual secret logic is only accessible from the server. Keep in mind that code inside `if (Meteor.isServer)` blocks is still sent to the client, it is just not executed. So don't put any secret code in there.
Note that while the Method is defined on the client, the actual secret logic is only accessible from the server and the code will **not** be included in the client bundle. Keep in mind that code inside `if (Meteor.isServer)` and `if (!this.isSimulation)` blocks is still sent to the client, it is just not executed. So don't put any secret code in there.
Secret API keys should never be stored in your source code at all, the next section will talk about how to handle them.