how to hide the apikey, authDomain in the web app

[mz]

Hi,

If I put the JS code something like below in the web app. Will someone take my apiKey and authDomain using the "Inspect Element" tool? And Use them to do some bad things?

Anyway to protect this?

<script src="https://www.gstatic.com/firebasejs/live/3.0/firebase.js"></script>
<script>
  // Initialize Firebase
  var config = {
    apiKey: 
    authDomain:
    databaseURL:
    storageBucket:
  };
  firebase.initializeApp(config);
</script>

Thanks

[Michael Bleigh]

All of the client-side config is designed to be safe for public visibility. While others might be able to inspect code and see your URLs, they won't be able to do anything you haven't authorized. Do make sure you're using Security Rules for your Firebase Database and/or Firebase Storage.

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/dacf3f23-80fa-4555-87c7-578979c6acfc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mz]

Thanks a lot for the help.