DEV Community


Discussion on: Hosting a react app with firebase

herohtar profile image

There is no way to prevent your API configuration from being completely public. Even if you find some way to hide it in environment variables, Google exposes it themselves through the SKD auto-configuration URLs. Just append /__/firebase/init.json or /__/firebase/init.js to the root of any Firebase hosting domain and there's the credentials.