'Can someone copy my Firebase config data? [duplicate]
I use firebase for authentication on JS. Everything is making in client side. Anyone can look my js files, copy the config datas, can make own project. How can I hide that datas? Because my plan is "pay as you go", If anyone copy that data, i have a big trouble. What should I do?
Maybe Firebase REST API can solve my problem. Is there any example about authentication with REST API.
I tried move codes Node.js but I couldnt handle it. You can see my index.js, It is on functions folder. I deploy it to firebase hosting. Authentication doesnt work.
const functions = require("firebase-functions");
const admin = require("firebase-admin");
const express = require("express");
const config = require('./config.js');
const app = express();
admin.initializeApp(config);
const app2 = initializeApp(config);
const auth = getAuth();
// // Create and Deploy Your First Cloud Functions
// // https://firebase.google.com/docs/functions/write-firebase-functions
//
app.post("/", async (req, res) => {
const user = req.body;
await admin.firestore().collection("users").add(user);
const mail=user.Email;
const pass=user.Password;
createUserWithEmailAndPassword(auth, mail, pass)
.then((userCredential) => {
// Signed in
const user = userCredential.user;
// ...
})
.catch((error) => {
const errorCode = error.code;
const errorMessage = error.message;
// ..
});
});
exports.widgets = functions.https.onRequest(app);
Solution 1:[1]
You can ensure that your firebaseConfig is stored in an environment variable. You can also secure the app with Firestore security rules and App Check
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Rafael Zasas |