Adding firebase config to React is safe?

Question

I'm uploading images to firebase storage from my react app. The firebase config

const firebaseConfig = {
apiKey: "<apiKey>",
authDomain: "<authDomain>",
databaseURL: "<databaseURL>",
projectId: "<projectId>",
storageBucket: "<storageBucket>",
messagingSenderId: "<messagingSenderId>",
appId: "<appId>",
measurementId: "<measurementId>"
};

is actually added on the front end (React) in the src folder as guided by most tutorials. Is it safe to deploy it like this? Won't the users be able to gain access to this firebase config file?

score 2 · Accepted Answer · answered Jun 10 '20 at 11:53

It is safe because you can configure your firebase database security rules to allow read/write access to only authenticated users. So even if someone has access to your api key, it won't be of much use.

From the docs

Firebase Security Rules stand between your data and malicious users. You can write simple or complex rules that protect your app's data to the level of granularity that your specific app requires.

Adding firebase config to React is safe?

1 Answers1