Closed samsapti closed 2 years ago
Hi there,
Firebase API keys are not API keys in the literal sense, they are basically meant to be shared on the client-side safely as pointers / indicators to a project. And here's a source in case if you wish to learn more : https://stackoverflow.com/a/37484053/353276
Thanks for checking out our source code, and catching stuff like this tho! Please keep checking it and let us know if you bump into anything interesting! 👍🏻✌🏻
Ah, that makes sense. I've never worked with Firebase, so I thought it was an actual API key which should be kept secret. Calling it an API key is pretty misleading in that case though...
Hey, are you guys aware that, what seems to be your Firebase API key, is exposed in your source code right here? I don't know whether this is intended or not, I just stumbled upon it and thought I'd let you guys know :slightly_smiling_face: