I would like some clarifications regarding the security between layers of an application built with Wix.
The doubt is: whether the return of a function built on the Back-end with Corvid could be intercepted and read by someone when it is received in the Front-end layer of a Wix site.
I mean, isn’t that the entire point of backend functions? You perform your private business logic on the server (keeping things like encryption keys private) and return the result to the front end, to be used directly or indirectly for front-end display purposes. The return value is the output, not meant to be sensitive. If in your case it is sensitive then you should extract more of the business logic into the backend and return only the data necessary for determining what’s shown on the page.
Or for a more factual answer: yes, that’s definitely easily possible. The result is returned in plain text and can been seen by inexpert users just by observing network traffic in browser tools.
Backend only return a value after execution function if you use return keyword
function in .jsw can be called from frontend or backend… but the code won’t run in frontend (user PC) it will be run in wix server and the after execution of that function you can return the value back to frontend