Is it safe to expose my account hash id as an env variable on the browser client


As the title implies, I want to expose the account hash id that hosts my Clouldflare Images service as an env variable in my browser. The use-case is to inject this env variable into image URL’s that I link to the src attribute of an img element and display those images to the user.

Since this is all done on the browser, the user will have access to the url of the image they are viewing, which includes my account hash id.

Is this a secure method of serving public-facing images?

Assuming you are referring to the hash that you see on the Images dashboard, yes, it is meant to be exposed while serving images to your end users. This account hash is not meant to be private (unlike an API key or token.)

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.