Is it save to expose firebase cloud messaging server key (legacy) and sender id in client js code ? If an attacker gain access to those keys what damage can attacker do ?
Asked
Active
Viewed 629 times
-1
1 Answers
0
As the name of the key already implies, the FCM server key should only be used on a server (or an otherwise trusted environment, such as Cloud Functions). Anyone who has this key can send messages to all users of your app.
Frank van Puffelen
- 565,676
- 79
- 828
- 807