[{"data":1,"prerenderedAt":177},["ShallowReactive",2],{"blog-launch/vue-app":3},{"id":4,"title":5,"body":6,"category":156,"date":157,"dateModified":157,"description":158,"draft":159,"extension":160,"faq":161,"featured":159,"headerVariant":163,"image":164,"keywords":164,"meta":165,"navigation":166,"ogDescription":167,"ogTitle":164,"path":168,"readTime":164,"schemaOrg":169,"schemaType":170,"seo":171,"sitemap":172,"stem":173,"tags":174,"twitterCard":175,"__hash__":176},"blog/blog/launch/vue-app.md","Vue App Launch Security Checklist: 14 Items Before Going Live",{"type":7,"value":8,"toc":150},"minimark",[9,19,22,44,60,79,94,110,115,118,121],[10,11,12,16],"tldr",{},[13,14,15],"p",{},"TL;DR",[13,17,18],{},"Vue apps run in the browser, so secrets must stay on the server. Before launch, check for v-html usage with untrusted content, verify VITE_ env vars don't contain secrets, ensure backend validates all inputs, and test authentication works server-side.",[20,21],"print-button",{},[23,24,27,32,36,40],"checklist-section",{"count":25,"title":26},"4","API Keys and Secrets",[28,29],"checklist-item",{"description":30,"label":31},"Vue code is visible in browser. Secret keys must stay server-side.","Verify no secret keys in client code",[28,33],{"description":34,"label":35},"These are bundled into the build. Only use for public values.","Check VITE_ environment variables",[28,37],{"description":38,"label":39},"Grep for sk_, pk_, api_key, password, secret, token","Search for hardcoded secrets",[28,41],{"description":42,"label":43},"Check no sensitive data is exposed in API requests/responses","Review Network tab in DevTools",[23,45,48,52,56],{"count":46,"title":47},"3","XSS Prevention",[28,49],{"description":50,"label":51},"v-html renders raw HTML. 
Only use with trusted, sanitized content.","Audit v-html usage",[28,53],{"description":54,"label":55},"Verify :href and :src don't allow javascript: URLs from user input","Check URL bindings",[28,57],{"description":58,"label":59},"Enter \u003Cscript> tags in form fields, verify they're escaped","Test with malicious input",[23,61,63,67,71,75],{"count":25,"title":62},"Authentication and API",[28,64],{"description":65,"label":66},"Don't trust Vuex/Pinia auth state. Server must verify on every request.","Backend validates authentication",[28,68],{"description":69,"label":70},"Navigate to protected URLs in incognito mode without logging in","Test protected routes directly",[28,72],{"description":73,"label":74},"Client validation can be bypassed. Server must validate everything.","Backend validates all inputs",[28,76],{"description":77,"label":78},"API should only accept requests from your domain","CORS configured correctly",[23,80,82,86,90],{"count":46,"title":81},"Build and Deployment",[28,83],{"description":84,"label":85},"Check vite.config.js for sourcemap: false in production","Source maps disabled in production",[28,87],{"description":88,"label":89},"http:// should redirect to https://","HTTPS enforced",[28,91],{"description":92,"label":93},"Catch issues you may have missed with manual review","Run automated security scan",[95,96,97,104],"faq-section",{},[98,99,101],"faq-item",{"question":100},"Is Vue.js secure for production?",[13,102,103],{},"Vue.js uses template compilation that prevents most XSS attacks by default. However, the v-html directive can introduce XSS if used with untrusted content, and like all client-side frameworks, Vue apps must never contain secret API keys.",[98,105,107],{"question":106},"How do I secure API keys in Vue?",[13,108,109],{},"Never put secret keys in Vue code. 
Create a backend API that holds your secrets and makes authenticated calls on behalf of your Vue app.",[111,112,114],"h3",{"id":113},"scan-your-vue-app","Scan Your Vue App",[13,116,117],{},"Find security issues automatically before launch.",[13,119,120],{},"Start Free Scan",[122,123,124,130,135,140,145],"related-articles",{},[125,126],"related-card",{"description":127,"href":128,"title":129},"Pre-launch security checklist for v0 by Vercel generated components. 14 critical items to verify before deploying v0 cod","/blog/launch/v0-app","v0 Component Launch Security Checklist: 14 Items Before Going Live",[125,131],{"description":132,"href":133,"title":134},"Pre-launch security checklist for Vercel deployments. 14 essential items covering environment variables, headers, and pr","/blog/launch/vercel-deployment","Vercel Deployment Launch Security Checklist: 14 Items Before Going Live",[125,136],{"description":137,"href":138,"title":139},"Security checklist for viral readiness. 15 essential items to verify before your app goes viral, covering scale, abuse p","/blog/launch/viral-ready","Viral Ready Security Checklist: 15 Items Before Going Viral",[125,141],{"description":142,"href":143,"title":144},"Security checklist for public API launches. 16 essential items to verify before opening your API to external developers,","/blog/launch/api-public-launch","API Public Launch Security Checklist: 16 Items Before Opening Your API",[125,146],{"description":147,"href":148,"title":149},"Security checklist for beta launches. 14 essential items to verify before inviting your first beta users, including data","/blog/launch/beta-launch","Beta Launch Security Checklist: 14 Items Before Inviting Beta Users",{"title":151,"searchDepth":152,"depth":152,"links":153},"",2,[154],{"id":113,"depth":155,"text":114},3,"launch","2026-02-18","Pre-launch security checklist for Vue.js applications. 
14 essential items covering client-side security, API integration, and deployment best practices.",false,"md",[162],{"question":100,"answer":103},"orange",null,{},true,"Pre-launch security checklist for Vue apps. 14 essential items before deploying.","/blog/launch/vue-app","[object Object]","Article",{"title":5,"description":158},{"loc":168},"blog/launch/vue-app",[],"summary_large_image","LBzKYpB-ARoPqNTf67CLg_Pv31F2RccWtRA8HxlD2XE",1775843935481]