Airtable rows exposed in dev tools

If you look the console of an item details block in dev tools on the browser, the entire record from airtable is exposed.

Is there anyway to not have this data exposed? This is actually a little concerning.

1 Like

@artur can speak to this better than I can, but my understanding is that if you are trying to expose only certain fields of a table to an app like Softr that is using the Airtable API, what you must do is create a separate table into which you sync only the fields you want to be exposed.

Another way to say this is that despite what mappings you create in Softr, you should assume that all fields in a table being accessed by the Airtable API are exposed.

In few weeks only fields that are visible in UI will be exposed. If you have sensitive info for now pls move to another table.

1 Like

Thanks @artur. Great to hear.

Is this going to affect script implementations that pull data from the window.records object? A huge chunk of what makes my app work is access to that object in full.

I feel like it should only pull the fields that are available in the view you are pulling the data from. This would give users more control over what is available

@bryan.stafford yes to avoid that we might offer you a workaround to have a hidden block with mapped fields so you still can get access

Update here? what about the situation?

Hi Lea,
here is a workaround that can be useful in the meantime.

1 Like

End of January we will have only visible fields being exposed via API

1 Like

Nice for the security, @artur do you know if the window.records JavaScript functionality will be maintained? (like discussed in this post)

I would like to know because if I develop my script and it no longer works at the end of January, that’s not cool :stuck_out_tongue_closed_eyes:

@lea do you use fields from a table which are not available in UI ?

For the moment no, but everything can be considered. For example a button calling a Js function to modify the content of a text (depending on the type of logged in user for example) and then display it to the user?

Considering a style like this one <style><head>#mybutton {display: none;}</style></head> and switch it with my Js script <script>mybutton.style.display = "inline-block";</script> after clicking the button, do you think it’s a button not available in the user interface @artur ?

@lea what you shared based on user should be fine.

Any updated ETA on this?

@Jakob half of the blocks (when updated) already not exposing extra fields and the other half will be in this and next week.

Do you happen to know which blocks have already been updated? Not your fault of course, but I just realized we’re exposing a LOT that we shouldn’t be. Trying to decide how to proceed with a fix.

@artur On a related note, can we get an email notification any time a block has been updated? Would help in being proactive versus just happening to be editing a page and seeing that an update’s available.

1 Like

Great idea. Just brought that up here.

1 Like

And what about fields from a table which are not available in UI ? Some of my blocks are using not displayed fields, we talked about a button allowing script to work on data ?