the firebase web-app guide states should put given apikey in html initialize firebase:
// todo: replace project's customized code snippet <script src="https://www.gstatic.com/firebasejs/3.0.2/firebase.js"></script> <script> // initialize firebase var config = { apikey: '<your-api-key>', authdomain: '<your-auth-domain>', databaseurl: '<your-database-url>', storagebucket: '<your-storage-bucket>' }; firebase.initializeapp(config); </script> by doing apikey exposed every visitor. purpose of key , meant public?
the apikey identifies firebase project. not security risk know it. in fact, necessary them know it, in order them interact firebase project.
in sense similar database url firebase has historically been used identify back-end: https://<app-id>.firebaseio.com. see question on why not security risk: how restrict firebase data modification?
Comments
Post a Comment