I'm developing a website using Firebase and I noticed that I am able to access the sub-folder JavaScript files when I right click on the page -> View Page Source -> *.js link click. I know from other hosting services I am able to write a .htaccess file to prevent this sort of behavior. However, I haven't found any documentation on it for Firebase. I tried their URL Redirect and Rewrite options. However, the redirect just made the whole javascript portion of the website not work by generating an error code in the console "Uncaught SyntaxError: Unexpected token <" and the rewrite did nothing. Here's an example of the json file Firebase said to rewrite.
{
"firebase": "myfirebase",
"public": "app",
"ignore": [
"firebase.json",
"**/.*",
"**/node_modules/**"
],
"redirects": [ {
"source" : "/js/*.js",
"destination" : "https://www.firebase.com",
"type" : 301
}]
}
I want to be able to use all of the javascript files but prevent people on the internet from seeing these files. Is there any way to do that on Firebase? I want to make sure the website is secure.
I might be wrong, but firebase is mostly javascript based, which means every js file will run on the client's computer -> will be visible, and you can't really do anything about it. You might try to use an obfuscator, but that will hold back only those, who don't really want to see the sourcecode.