ENV Vars have special behaviour, which is not documented. It should be documented. Would have saved us some hours of trying and research.
Also altering he message throw new ExpressionError('access to env vars denied'
to be different between realy denied on the backend, and to not available in frontend
My use case:
I want to provide urls to http request via env vars.
I think it would be beneficial to add this because:
It would save people from being frustrated and growing gray hair.