IPFS Migration and secrets exposition


I’ve been using ipfs.add() with pin on ipfs.infura.io for a couple of years now and have around 12 000 files pinned.

Since IPFS is moving to premium, i created a premium account and made a script to move and pin all files to this premium account.

So far so good but now, i’m not 100% sure what the best option to deal with the new upload.
My webapp frontend expose the ipfs.add() code, the infura article if i’m correct recommend in that case to use security settings and only allow certains origins/ip.

This mean i still expose the secret right? but it doesnt matter as only certain origins/ip have access, I’m correct?

Also how will I dev locally?
I don’t have a fix ip address in my country so it will be a bit complicated but even without that, if i set a restriction on origin + another on my current IP, my calls from local machine are still rejected with “invalid origin” so how can i set origin restrictions for prod and still dev locally? They don’t stack?

Thanks in advance for the help and advices.