I’m using Helmet to help block cross-site scripting hacks on my site.
I noticed Helmet was blocking the URL https://r.lr-in-prod.com/. If I load that page and check the source, I see:

```html
<script type="module" src="chrome-extension://jdkknkkbebbapilgoeccciglkfbmbnfm/hook.js"></script>
```

If I go to chrome-extension://jdkknkkbebbapilgoeccciglkfbmbnfm/hook.js, I see minified JS, including strings such as:
- use strict
So, I’m thinking this is my excellent Apollo Chrome extension, which is so useful. And I wouldn’t mind using it to access my Apollo data on my client in production.
Is it considered okay, from a security point of view, to permit the client to use the Apollo plugin on a production site?