Security between Front-end and Back-end Layers in Wix / Corvid

I would like some clarifications regarding the security between layers of an application built with Wix.

The doubt is: whether the return of a function built on the Back-end with Corvid could be intercepted and read by someone when it is received in the Front-end layer of a Wix site.

Here’s a good article on Corvid Security Considerations .

You can contact the Wix support team if you have questions regarding this issue.

I mean, isn’t that the entire point of backend functions? You perform your private business logic on the server (keeping things like encryption keys private) and return the result to the front end, to be used directly or indirectly for front-end display purposes. The return value is the output, not meant to be sensitive. If in your case it is sensitive then you should extract more of the business logic into the backend and return only the data necessary for determining what’s shown on the page.

Or for a more factual answer: yes, that’s definitely easily possible. The result is returned in plain text and can been seen by inexpert users just by observing network traffic in browser tools.

Backend only return a value after execution function if you use return keyword

function in .jsw can be called from frontend or backend… but the code won’t run in frontend (user PC) it will be run in wix server and the after execution of that function you can return the value back to frontend

Yisrael, Lee, Salman2301
Thanks! for your attention, they helped me to understand this subject better.