1

I am hosting my website on Firebase's web hosting. I have two slightly different scenarios I'm trying to figure out. Scenario 1 - I want to prevent someone from accessing anything in my /images or /js or /css folder unless the request is coming from my own website. Scenario 2 - images/js/css should only be accessible when request is coming a specified other domain (eg, the web domain of a customer who has paid for the privilege so I'm granting permission).

If this were not Firebase I know I would set up rewrites in the htaccess file. I know that's not an option for Firebase but I was hoping I could accomplish the same thing by configuring rewrites in the firebase.json file, as explained in the Docs. Unfortunately, I'm just not getting it.

I've searched around and found another stackoverflow answer but it's rather old and I know Firebase is really actively updated, so it's not clear to me if this answer is out of date.

I am willing to use Firebase file hosting or functions or any other solution.

Is this possible? Am I on the right track thinking it can be done in firebase.json? If yes, how do I implement scenarios 1 and 2?

Thank you.

CindyHoskey
  • 67
  • 1
  • 3
  • The other answer is still accurate. Firebase Hosting doesn't provide any way to protect content - everything is always public. – Doug Stevenson May 22 '20 at 19:04
  • @cindyhoskey, i'm in the same situation as you regarding "scenario 1", and i've pretty much decided to do all these with aws cloudfront and waf, and migrate my assets all to s3 to avoid hotlinking. (p.s. people so often says things in firebase hosting is public and confuse them with hotlinking ) – jimzcc Jun 25 '20 at 06:56
  • Thanks, @ioojimooi. I'll look into doing something like that, too. – CindyHoskey Jun 29 '20 at 13:17

0 Answers0