43 results found
-
Secure Transport Layer Implementation
The "Secure Transport Layer Implementation" idea centers around fortifying the application's transport layer to mitigate vulnerabilities, particularly the risk of insufficient protection against attacks like POODLE. This vulnerability exposes the application to potential exploits, compromising the confidentiality and integrity of data exchanged between the application and its users.
Insufficient transport layer protection opens the door to various security threats, including man-in-the-middle attacks, data interception, injection of malicious content, and communication redirection. These threats undermine the trustworthiness of the application and jeopardize user data security.
To address this vulnerability effectively, it's imperative to reinforce the application's transport layer security by implementing…
12 votes -
Hosting should preserve the client's IP address when proxying to Cloud Run
When using hosting with rewrites to Cloud Run (e.g., routing all requests to /api/** to a Cloud Run container), the clientIp always reflects the IP address of a Google server rather than the actual client’s IP address. As a result, filtering incoming requests by IP address in the logs viewer becomes impossible.
It would be great if the x-forwarded-for header could be used to populate this field instead.1 vote -
Offer no bill in case of small website spam which could cause a houndred dollar bill for no reason.
When I chose to use Firebase. It was because it was a free database for small webpages with 10 SMS/day. Now, it seems that you changed the terms when I already put a lot of effort into using firebase. Now I need to use a Blaze plan for 10 SMS/day. This means the following: "Now I might get spammed by any hacker using a VNP + a bot". It doesnt matter how much time I spend on setting up anti-spam defense. I could still get spammed and have to pay thousands of dollars right? I have 2 solutions:
- You could…
1 vote -
VENDORS and Developer illegal claims of software
AAll Windows, PS4, PS5, XONE, XSXS online cost for play online games are starting at $10 up to 200 . The cost per hour online will cost 5 and hour. Where counting down the amount of hour children are allowed to play or Regulating these Councils because you don't learn anything from these game . We planning on adding a military testing 2 player shooting mode online for Educational purposes. These Simulator are binary military development platforms that civilian that unlisted one year in basic training get use those Simulator for team training Exercise . Cost for Devops package will…
1 vote -
dynamic robots.txt and favicon
Add capability to dynamically change robots.txt and favicon. The current behavior returns 404.
3 votes -
Disable build script in `firebase deploy` OR enable env configurations
Right now there's not the ability to select a build configuration. I want that either firebase leaves to the developers the option to build the app, or that a developer can instruct firebase to use a specific build configuration.
1 vote -
45 votes
-
BlackList for Hosting
Please block access from this UserAgent.
"Bytespider; spider-feedback@bytedance.com"3 votes -
Site Not Found
i have deployed and when i try to go on default site i see site not found
1 vote -
Full-stack preview channels
Hosting preview channels are great, and work well for client-side code, however for full-stack apps that require a server (either for SSR or API routes), the preview channel uses to the 'main' server as a backend. It would be great if the server side code also got deployed to a new firebase function and was managed alongside the hosting preview.
3 votes -
Allow a function to set the headers of a hosting endpoint dynamically
Right now there does not seem to be a way to dynamically set the headers of a hosting response using a function.
Among other things, this makes it impossible to use a nonce.
1 vote -
26 votes
-
19 votes
-
17 votes
-
17 votes
-
Password-protected preview domains
Squarespace has a featured for "site-wide password protection" which is useful for staging unlaunched websites for stakeholders to review. This would help guard against any potential leaks.
Figma also has a feature similar to this.
We currently have to create a custom express.js server with an authentication middleware, but this is undesirable for several reasons:
- We'd have to re-create all of firebase hosting's serving features (i18n fallbacks, redirects, pretty urls, etc.)
- We can't easily test endpoints that are proxied to Functions/GCR
15 votes -
Manage minInstances setting of pinned functions of previous releases
Pinned functions of previous releases keep their minInstances setting. E.g. after deploying 10 times with a minInstances setting of 1, there will be 10 idling instances but only the newest revision handles all the traffic. Yet the remaining 9 instances' idle time is billed as well because the function is still addressable through the revision tag.
This also affects the maxInstances setting: With a maxInstances setting of 10, the newest Cloud Run revision which handles 100% of the traffic won't be able to scale anymore.
As far as I know, the only way to handle this right now is to…
5 votes -
CDN Invalidation API
Add an official API to support cache invalidation via resource URL, header, or tag.
The rate limit to such an API should be high enough to support what people already do with the non-official API to invalidate by URL.
12 votes -
13 votes
-
Pass all cookies to Cloud Functions or Cloud Run
Right now only a _session Cookie is passed.
https://firebase.google.com/docs/hosting/manage-cache#usingcookies5 votes
- Don't see your idea?