6

I am trying to secure some pages behind firebase auth -however every time I try open them - I seem to be able to browse to them. Even when I follow the documentation.

I can't seem to find anyway to restrict the page to be accessible only to authorized users.

Any idea how best to approach this?

Edit: Looks like its not supported directly without building a lot of custom code. It would be brilliant if they can support a simple htaccess file or similar. - Here is a link to post feature request https://firebase.google.com/support/contact/bugs-features/

UKDataGeek
  • 6,338
  • 9
  • 46
  • 63

2 Answers2

3

All static content (HTML, CSS, JS, and other files) published to Firebase Hosting is publicly accessible if you know the URL. There are no authentication controls you can easily configure to change this behavior.

If you need to protect content, you could set up some code via Cloud Functions that checks the user's authentication and serves the content based on its decision.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • 6
    Thanks Doug. Thats really disappointing - as it means we can't use Firebase hosting easily for staging environments when we are working with customers. We need to secure the staging environments (usually we do this quickly via HtAccess ) Its a big miss for us if we don't have this feature. If we have to use other hosting for staging urls then we risk introducing bugs when we go production. Can I suggest this feature? – UKDataGeek Dec 16 '17 at 08:12
  • 1
    Please file any bugs reports or feature requests here: https://firebase.google.com/support/contact/bugs-features/ – Doug Stevenson Dec 16 '17 at 08:16
  • 2
    I have done it - as another idea if you give a feeedback request number when its logged, then people can post those ideas on stack overflow - and you guage level of interest. – UKDataGeek Dec 16 '17 at 08:23
0

I suggest saving needed secret part of HTML/JS in Firestore with security rules and dynamically upload it to page after auth.

Eric Aya
  • 69,473
  • 35
  • 181
  • 253
Valentin Vedic
  • 1