Frozen global object

Posted byDavid Votrubec Leave a comment on Frozen global object

If your app uses global object as a config, you should make sure, that this object is truly readonly. So that an attacker can not modify it in dev console.

This is how to do it.

// example of frozen global object
// freeze the config object properties
const config = Object.freeze({
  httpApi: 'http://127.0.0.1:20003/v1',
  wsApi: 'ws://127.0.0.1:3000',
  enableReduxDevTools: true,
  minLegalAge: 18 // in years
});

// make sure that the config object can not be replaced
Object.defineProperty(window, "config", { 
  value: config,
  configurable: false,
  writable: false 
});

PS: I assume that “window” is sufficient as a global object. If your app runs in different environment then browser, then you will need to modify the code accordingly.