There are times where an engineering team might want to privately test out an upcoming feature in the frontend, but doesn't want to make that public for all to see prior to its public release (i.e. enabling a feature flag only for a certain population). This is difficult/impossible since frontend code can be inspected in the browser. What are some good solutions to this problem? What are industry norms?
Haven't done this recently but the last time I set a cookie with a specific value on an authenticated server side URL only accessible to testers. Inside the actual app implementing the feature I'd check for that cookie/value and if present serve the content implementing the feature. If you didn't present the cookie/value combo you got served the production template w/o the new feature. This was for a client who didn't have a staging/test environment so everything had to regrettably be done "live".<p>It's not bulletproof, anyone MITMing the connection could grab the cookie and access the feature, a tester could share the private URL & userid/password, etc.