Extraheaders outside the extraheaders section

Hi everyone,

I’m having perhaps an odd question but here I go.

Currrently I have the following code in the extraheaders property of my project:

<script async defer src="https://connect.facebook.net/en_US/sdk.js#version=v8.0&appId=[facebook_key]&xfbml=true&autoLogAppEvents=true"></script>

This solution works, however this leave exposed my facebook_key, and I do not want to do that (Unless I have to).

So what i thought is to keep that key in my server, retrieve it with a Webservice and execute the Facebook script with the Facebook_Key; but for that I need to execute the script in my code and not in the Extraheaders.

Is there anyway to do this?

Thanks in advance,
Adrian.

If you’re seriously concerned about security, your idea will not help. Someone could put a checkpoint in your code where you’re getting the key and look at it that way.

The only way to keep a key secure in a web app is to never let it get to the web app. You’ll need to do the operation which required the secret key on a server, then send the results to the web app.