skip to Main Content

I made an IONIC project which can be authenticated with Facebook and Google and i put config file(in the picture) in the app.module.ts

Firebase Config For IONIC Angular

Is app.module.ts only seen by the developer?

  • Can user see this config file when user makes apk to code this project ?

  • Is this a bug that i made ? Do i have to make API for this ?

2

Answers


  1. If you follow the Installation and Setup guide for @angular/fire, they keep it in the /src/environments/environment.ts. I’m not sure if that’s the recommended place to keep any front-end configurations in the App.

    People have mixed opinions about it. You might want to read through this answer to know more.

    I think making an API call would make it more prone to sniff and hack. Someone could see your Network Requests and get a hold of the response payload for that matter.

    UPDATE:

    No, it’s NOT SAFE to keep Firebase Config in environment.ts or environment.prod.ts.

    As of now, AngularCLI only minifies the code. If you open up Devtools on your Browser, select main.hash-code-for-the-bundle.js and pretty print it, and then try to find by something like messagingSenderId, you’ll be able to see it.

    enter image description here

    NOTE: This is a real production app.

    Login or Signup to reply.
  2. This can all be made public (client-side). This is intended for client configurations. If you look under the web section in the Firebase console you’ll see that they tell developers to paste that in their client-side (JavaScript SDK) code.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search