Hello,
We're getting a report from HackerOne that our permanent Prismic API token is included in our app.js file.
On our side, we use environment variables to store this value safely, but the gatsby-source-prismic
plugin seems to include it anyway.
Is it safe to display this value publicly? According to this thread, then it seems the answer is no.
Which other token should we use instead, or is there a way to tell gatsby-source-prismic
not to display this value publicly?
Thank you,
Nicolas