red-gold / react-social-network

Simple React Social Network
https://medium.com/@qolzam/create-social-network-by-react-js-fe60010a32e6
MIT License

[Security] DB requests on client-side #78

Closed KaMeHb-UA closed 6 years ago

KaMeHb-UA commented 6 years ago

77 is fixed, but I can still get the apiKey, DB name and other secrets just by looking at the network requests made. It is a real security bug and must be fixed. I am already working on this case, but I do not understand TypeScript as well as I should, so I am writing the new components in pure JS. And it's so hard to work with someone else's code when you are not qualified for it. So it may take a few weeks. I need help with this. Maybe it can be fixed with Firebase security rules?

Qolzam commented 6 years ago

Thanks for asking. You cannot avoid your API keys appearing in your code or on the network. It's not a security bug. Firebase needs this information to connect. Instead you can set some security rules so users only access the data they should access. That's why we have Firestore Rules. I haven't published security rules, but they will be in React Social Network version 1.0.0 alpha-1. Also you need to move some functions like notifications to Firebase Cloud Functions. For now I can only help with information. Let me know if you have any questions.
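As an added example (not from the original issue or the project's repository), this is a Firestore ruleset of the kind the comment above describes: the Firebase config shipped to the browser stays public, and what a caller may read or write is decided by rules evaluated on Firebase's side against `request.auth`. Collection and field names (`users`, `posts`, `notifications`, `ownerUserId`, `recipientUserId`) are assumptions for illustration, not the project's actual schema.

```firestore
// Added example ruleset; collection and field names are assumed, not the project's.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Caller has a valid Firebase Auth token attached to the request.
    function signedIn() {
      return request.auth != null;
    }

    // Caller is the user whose uid keys the document.
    function isOwner(uid) {
      return signedIn() && request.auth.uid == uid;
    }

    // Profiles: readable by any signed-in user, writable only by the owner,
    // and the owner may only write the whitelisted fields (assumed names).
    match /users/{uid} {
      allow read: if signedIn();
      allow create, update: if isOwner(uid)
        && request.resource.data.keys().hasOnly(['fullName', 'avatar', 'tagLine']);
      allow delete: if false;
    }

    // Posts: the ownerUserId stored on create must be the caller, and only
    // that owner may later change or delete the document. resource is the
    // stored document, request.resource is the incoming one.
    match /posts/{postId} {
      allow read: if signedIn();
      allow create: if signedIn()
        && request.resource.data.ownerUserId == request.auth.uid;
      allow update, delete: if signedIn()
        && resource.data.ownerUserId == request.auth.uid;
    }

    // Notifications: clients may only read or dismiss their own. Nobody may
    // create or edit them from the client; server code using the Admin SDK
    // (e.g. a Cloud Function) bypasses these rules and does that instead.
    match /notifications/{notificationId} {
      allow read, delete: if signedIn()
        && resource.data.recipientUserId == request.auth.uid;
      allow create, update: if false;
    }

    // Anything not matched above is denied (this is also the default, stated
    // here explicitly so the intent is visible in review).
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
```

Deploy with `firebase deploy --only firestore:rules`, and exercise the rules in the Firebase emulator or the console's Rules Playground with and without a signed-in uid before relying on them. The caveat the thread turns on: rules gate access to data, they do not hide the `apiKey` or project ID, and with no rules (or a permissive `allow read, write: if true`) the public config is enough for anyone to read and modify the whole database.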

KaMeHb-UA commented 6 years ago

OK, thanks for the reply. But I ask that you keep this issue open until 1.0.0 alpha-1. Thanks!

Qolzam commented 6 years ago

This issue relates to #22, which you can follow. I'm going to close this one.