0

The following code is part of index.html (now renamed into index.php) and used for Firebase authentication. Because it's a flutter project, I was already looking for it on their websites. Unfortunately everybody can see the credentials easily by view HTML source code in browsers. I renamed the index.html into index.php and like to assign the Firebase auth constants in a separate php file (lets call it credentials.php). How to do it properly in order that it works? Here is the essential part of index.php:

<!-- Firebase Configuration -->
<script>
  var firebaseConfig = {
    apiKey: "AIzaSyxxx",
    authDomain: "xxx.firebaseapp.com",
    projectId: "xxx",
    storageBucket: "xxx.appspot.com",
    messagingSenderId: "xxxx",
    appId: "xxx",
    measurementId: "xxx"
    
    };
const app = initializeApp(firebaseConfig);

    // Initialize Firebase

</script>

All my attempts failed. How to do it properly in order that it works?

Gerd
  • 1
  • 2
  • 1
    There are configuration data, not your typical traditional API keys. See my answer here for more on that: https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public/37484053#37484053 – Frank van Puffelen Aug 28 '23 at 21:56

0 Answers0