Comments (3)
@chtushar This isn't a High-Security Risk
. The configuration snippet just identifies a Firebase project on Google servers. In fact, it is necessary to include it for users to interact with a Firebase project. This same configuration data is also included in every web or iOS or Android app that uses Firebase as its backend. It's just publicly available data.
Please close this issue.
from aura.
Workin on it... as the concern is correct....
Already fixed for Aura Admin in gdg-x/aura-admin#66
from aura.
Workin on it... as the concern is correct....
Already fixed for Aura Admin in gdg-x/aura-admin#66
@bharatagsrwal That's not a valid security bug as I mentioned in #80 (comment). Could you please explain why it's a valid concern?
Appending /__/firebase/init.js
to any Firebase domain will give you the config for that particular project. Such as for the PR you tagged, here it is: https://myaurapp.firebaseapp.com/__/firebase/init.js or https://auradmin.web.app/__/firebase/init.js
The configuration snippet just identifies a Firebase project on Google servers. It's just publicly available data.
from aura.
Related Issues (20)
- [Deprecate] Meetup support
- Fix: Speaker Page not found for speaker info
- Feat: ADD Logo in drawer
- Site is not able to fetch details from Meetup. HOT 1
- [Admin] Manage Speakers Page
- [Admin] Social Wall Page
- Documentation: Admin Panel User Setup HOT 2
- App not loading in Safari: Firebase messaging is not supported in Safari browser HOT 1
- CORB Issue
- Cloud Messaging Error HOT 2
- Github/npm security audit issues need to be addressed
- Firestore Issue after Enabeling enablePersistence() HOT 1
- Unable to render upcoming events HOT 1
- There is a text that mention Indian as destination of GDG effort
- Show YouTube Field in Event Page Template
- Either Your Internet is not Working or Site is not Configured HOT 6
- Firestore Rule
- Firebase Cloud Messaging not supported in Safari Browser HOT 2
- Template Creator HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aura.