46 results found
-
Make Preview Channel URLs predictable or reusable.
We are looking for a way to create predictable preview URLs for our Firebase Hosting preview channels. We require this functionality to whitelist these URLs for accessing a Cloud CDN authenticated content bucket. Currently, the preview channel URLs generated by Firebase Hosting include a random hash (SITEID--CHANNELID-RANDOM_HASH.web.app), which makes them unpredictable.
The solutions we have devised include:
- Replace the random hash for something like https://<PROJECT_ID>--pr-<PULL_REQUEST_NUMBER>.web.app
- Make the preview channel URL persistent when deploying new versions.
3 votes -
0 votes
-
Hosting should preserve the client's IP address when proxying to Cloud Run
When using hosting with rewrites to Cloud Run (e.g., routing all requests to /api/** to a Cloud Run container), the clientIp always reflects the IP address of a Google server rather than the actual client’s IP address. As a result, filtering incoming requests by IP address in the logs viewer becomes impossible.
It would be great if the x-forwarded-for header could be used to populate this field instead.2 votes -
Updates ESLint to V9
The current version of ESLInt is V8 - Update it to V9
1 vote -
Secure Transport Layer Implementation
The "Secure Transport Layer Implementation" idea centers around fortifying the application's transport layer to mitigate vulnerabilities, particularly the risk of insufficient protection against attacks like POODLE. This vulnerability exposes the application to potential exploits, compromising the confidentiality and integrity of data exchanged between the application and its users.
Insufficient transport layer protection opens the door to various security threats, including man-in-the-middle attacks, data interception, injection of malicious content, and communication redirection. These threats undermine the trustworthiness of the application and jeopardize user data security.
To address this vulnerability effectively, it's imperative to reinforce the application's transport layer security by implementing…
12 votes -
Offer no bill in case of small website spam which could cause a houndred dollar bill for no reason.
When I chose to use Firebase. It was because it was a free database for small webpages with 10 SMS/day. Now, it seems that you changed the terms when I already put a lot of effort into using firebase. Now I need to use a Blaze plan for 10 SMS/day. This means the following: "Now I might get spammed by any hacker using a VNP + a bot". It doesnt matter how much time I spend on setting up anti-spam defense. I could still get spammed and have to pay thousands of dollars right? I have 2 solutions:
- You could…
1 vote -
VENDORS and Developer illegal claims of software
AAll Windows, PS4, PS5, XONE, XSXS online cost for play online games are starting at $10 up to 200 . The cost per hour online will cost 5 and hour. Where counting down the amount of hour children are allowed to play or Regulating these Councils because you don't learn anything from these game . We planning on adding a military testing 2 player shooting mode online for Educational purposes. These Simulator are binary military development platforms that civilian that unlisted one year in basic training get use those Simulator for team training Exercise . Cost for Devops package will…
1 vote -
dynamic robots.txt and favicon
Add capability to dynamically change robots.txt and favicon. The current behavior returns 404.
3 votes -
Disable build script in `firebase deploy` OR enable env configurations
Right now there's not the ability to select a build configuration. I want that either firebase leaves to the developers the option to build the app, or that a developer can instruct firebase to use a specific build configuration.
1 vote -
50 votes
-
BlackList for Hosting
Please block access from this UserAgent.
"Bytespider; spider-feedback@bytedance.com"3 votes -
Site Not Found
i have deployed and when i try to go on default site i see site not found
1 vote -
Full-stack preview channels
Hosting preview channels are great, and work well for client-side code, however for full-stack apps that require a server (either for SSR or API routes), the preview channel uses to the 'main' server as a backend. It would be great if the server side code also got deployed to a new firebase function and was managed alongside the hosting preview.
3 votes -
Allow a function to set the headers of a hosting endpoint dynamically
Right now there does not seem to be a way to dynamically set the headers of a hosting response using a function.
Among other things, this makes it impossible to use a nonce.
1 vote -
27 votes
-
21 votes
-
17 votes
-
Password-protected preview domains
Squarespace has a featured for "site-wide password protection" which is useful for staging unlaunched websites for stakeholders to review. This would help guard against any potential leaks.
Figma also has a feature similar to this.
We currently have to create a custom express.js server with an authentication middleware, but this is undesirable for several reasons:
- We'd have to re-create all of firebase hosting's serving features (i18n fallbacks, redirects, pretty urls, etc.)
- We can't easily test endpoints that are proxied to Functions/GCR
16 votes -
17 votes
-
Firebase hosting timeout should be configurable
I am using cloud run to and firebase hosting to have a custom domain to access my application.
I know Firebase doc mentions :
Firebase Hosting is subject to a 60-second request timeout. If your app requires more than 60 seconds to run, you'll receive an HTTPS status code 504 (request timeout).But I need to increase this timeout, since my cloud run app has a function to process data and write to an excel that can take up to 3mn.
2 votes
- Don't see your idea?