Closed KaMeHb-UA closed 6 years ago
Thanks for asking. You can not avoid appearing your api keys in your code or the network. It's not security bug. Firebase needs these information to connect. Instead you can set some security rules so users only access to the data they should access. It's why we have Firestore Rules. I haven't publish security rules but It would be for the React Social Network Version 1.0.0 alpha-1. Also you need to move some function like notifications to firebase cloud functions. For now I just can help with information. Let me know if any question.
Ok, thanks for a reply. But I ask that you keep this issue open before 1.0.0 alpha-1. Thanks!
This issue relate to #22 which you can follow. I'm going to close here.
77 is fixed but I still can get apiKey, db name and other secrets just by looking to the network requests made. It is real security bug, and must to be fixed. I am already working in this case, but I do not understand TypeScript as it should, so new components I writing in pure js. And it's so hard to work with someone's code, while you are not qualified with. So it may goes for a few weeks. I need a help with. May it can be fixed with firebase security rules?