Frozen global object

If your app uses global object as a config, you should make sure, that this object is truly readonly. So that an attacker can not modify it in dev console. This is how to do it. // example of frozen global object // freeze the config object properties const config = Object.freeze({ httpApi: ‘http://127.0.0.1:20003/v1’, wsApi: ‘ws://127.0.0.1:3000’, enableReduxDevTools: true, minLegalAge: 18 // in years }); // make sure that the config object can not be replaced Object.defineProperty(window, “config”, { value: config, configurable: false, writable: false }); PS: I assume that “window” is sufficient as a global object. If your app runs …

Continue Reading