提交4次,无从下手,这个审核不通过的问题怎么解决?官方能不能解答下I have submitted 4 times, but I have no idea where to start. How can I solve the problem of failing to pass the review? Can the official answer
提交4次,无从下手,这个审核不通过的问题怎么解决?官方能不能解答下1:小程序功能不符合规则:
(1):你好,当前提审小程序包中可能包含明文的AppSecret,存在泄漏的安全风险。一旦被恶意用户通过技术手段获取你的AppSecret,对方可以通过调用API获取你的小程序敏感数据,如接口调用凭证、用户信息、用户使用数据、小程序码等。出于安全考虑,开发者应将AppSecret保存 到后台服务器中,并严格保密,不向任何第三方等透露。建议你立即调整技术方案,去除小程序包中的AppSecret字样并重置可能已泄漏的AppSecret,消除风险。参考文档
请根据上述原因对小程序进行修改,并重新提交代码审核。
1: The applet function does not comply with the rules: (1): Hello, the current referral applet package may contain plaintext appsecret, which is a security risk of disclosure. Once a malicious user obtains your appsecret through technical means, the other party can obtain your applet sensitive data by calling the API, such as interface call credentials, user information, user use data, applet code, etc. For security reasons, developers should save appsecret to the background server and keep it strictly confidential and not disclose it to any third party. It is recommended that you immediately adjust the technical scheme, remove the word appsecret in the applet package, and reset the appsecret that may have been leaked to eliminate the risk. For reference documents, please modify the applet according to the above reasons and resubmit the code for review.
回答:
这个审核驳回说明已经很明确了吧,去检查小程序端是否存储了AppSecret,调整到后端,需要时使用接口获取
官方解答也是重新复述一遍
群主管理都是支付大佬
秘钥相关的信息不要在前端透出,也不要通过请求方式返回,涉及到的相关操作统一由后端处理