13

Is it possible to restrict access to a resource (i.e. index.html) depending on whether the user is logged in or not? Maybe something like .htaccess?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
markovuksanovic
  • 15,676
  • 13
  • 46
  • 57

2 Answers2

14

No. Firebase hosting doesn't implement access control to static resources.

Also see the discussion in the comments of this question: Firebase route security without AngularFire

Community
  • 1
  • 1
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • 3
    Hi Frank, as said in the comments of our mentioned question, I have a confidentiality contract over the project, so I can´t have the CDN files (FrBs-Host) publicly available before project's release, and my clients live in other cities so we do advancement checks over Internet. Could you recommend some way around for using the actual FrBs-Host without letting the CDN to be publicly available rather than using another hosting? – DavidTaubmann Jun 14 '16 at 19:51
11

There's new info on this: https://firebase.google.com/docs/hosting/functions (example: https://github.com/firebase/functions-samples/tree/master/authorized-https-endpoint )

You should be able to use a Cloud Function to restrict access to content (which is server-side authenticated and generated).

WraithKenny
  • 1,001
  • 13
  • 15
  • 1
    Cloud functions are US hosting only, not usable for rest of the World – Spock May 19 '20 at 10:00
  • 1
    Cloud functions are meanwhile not only hosted in the US. For Firebase you can choose between regions in the US, Europa and Asia: https://firebase.google.com/docs/functions/locations – maxarndt Jul 02 '20 at 14:55
  • meanwhile "Firebase Hosting supports Cloud Functions in us-central1 only" as per https://firebase.google.com/docs/hosting/full-config#rewrite-functions – Kostiantyn Sokolinskyi Nov 12 '20 at 15:05