DEV Community

loading...

Discussion on: Hosting a react app with firebase

Collapse
herohtar profile image
Herohtar

There is no way to prevent your API configuration from being completely public. Even if you find some way to hide it in environment variables, Google exposes it themselves through the SKD auto-configuration URLs. Just append /__/firebase/init.json or /__/firebase/init.js to the root of any Firebase hosting domain and there's the credentials.