The Daily WTF is a humorous yet insightful blog that highlights absurd, puzzling, and downright bizarre coding practices, software design decisions, and IT anecdotes encountered in the wild. Through anonymous submissions and reader-contributed stories, The Daily WTF exposes the pitfalls of poor software engineering, questionable coding practices, and humorous tales from the trenches of IT. Developers can learn  lessons from the mistakes and misadventures shared on The Daily WTF, reminding them of the importance of code quality, best practices, and maintaining sanity in the world of software development.

The Daily WTF

A developer discovered that a major online gift retailer (1-800-Flowers) was exposing sensitive API keys directly in client-side JavaScript, including PayPal client IDs, Venmo profile IDs, Auth0 credentials, Visa Checkout API keys, and address verification tokens. The leak was visible to anyone who opened browser dev tools. The root cause appears to be developers bundling environment configuration into a React single-page application without distinguishing between public and private data, likely to support both web and mobile app deployments from a single build.

Development Tools