Leaked GCP FCM Server Keys Your app(s) expose FCM server keys

Asked Jan 20 '22 at 10:21

Active Jan 20 '22 at 10:21

Viewed 967 times

I created an app using appinventor and bought an extention for firebase to send cloud messages I set everything up like in the tutorial, but now I cant publish the app and I get a Mail that the Server Key is leak

https://diewildenstreamer.de/picture/Unbenannt.JPG - Tutorial
https://diewildenstreamer.de/picture/Unbenannt.png - Email
https://diewildenstreamer.de/picture/Unbenannt1.JPG.jpg - My Settings

asked Jan 20 '22 at 10:21

DJHeartFeelings

*firebaser here* Calls to the FCM REST API to *send* messages require that you specify the FCM *server-side** API key in your code. As its name implies, this key should only be used in server-side code, or in an otherwise trusted environment. The reason for this is that anyone who has the FCM server key can send whatever message they want to all of your users. By including this key in your client-side app, a malicious user can find it and you're putting your users at risk. See https://stackoverflow.com/a/37993724 for a better solution. – Frank van Puffelen Jan 20 '22 at 15:24

Leaked GCP FCM Server Keys Your app(s) expose FCM server keys

0 Answers0

Linked