I made an IONIC project which can be authenticated with Facebook and Google and i put config file(in the picture) in the app.module.ts
Is app.module.ts
only seen by the developer?
-
Can user see this config file when user makes apk to code this project ?
-
Is this a bug that i made ? Do i have to make API for this ?
2
Answers
If you follow the Installation and Setup guide for
@angular/fire
, they keep it in the/src/environments/environment.ts
. I’m not sure if that’s the recommended place to keep any front-end configurations in the App.People have mixed opinions about it. You might want to read through this answer to know more.
I think making an API call would make it more prone to sniff and hack. Someone could see your Network Requests and get a hold of the response payload for that matter.
UPDATE:
No, it’s NOT SAFE to keep Firebase Config in environment.ts or environment.prod.ts.
As of now, AngularCLI only minifies the code. If you open up Devtools on your Browser, select
main.hash-code-for-the-bundle.js
and pretty print it, and then try to find by something likemessagingSenderId
, you’ll be able to see it.NOTE: This is a real production app.
This can all be made public (client-side). This is intended for client configurations. If you look under the
web
section in the Firebase console you’ll see that they tell developers to paste that in their client-side (JavaScript SDK) code.