55 results found
-
57 votes
-
32 votes
-
21 votes
-
Password-protected preview domains
Squarespace has a featured for "site-wide password protection" which is useful for staging unlaunched websites for stakeholders to review. This would help guard against any potential leaks.
Figma also has a feature similar to this.
We currently have to create a custom express.js server with an authentication middleware, but this is undesirable for several reasons:
- We'd have to re-create all of firebase hosting's serving features (i18n fallbacks, redirects, pretty urls, etc.)
- We can't easily test endpoints that are proxied to Functions/GCR
20 votes -
Secure Transport Layer Implementation
The "Secure Transport Layer Implementation" idea centers around fortifying the application's transport layer to mitigate vulnerabilities, particularly the risk of insufficient protection against attacks like POODLE. This vulnerability exposes the application to potential exploits, compromising the confidentiality and integrity of data exchanged between the application and its users.
Insufficient transport layer protection opens the door to various security threats, including man-in-the-middle attacks, data interception, injection of malicious content, and communication redirection. These threats undermine the trustworthiness of the application and jeopardize user data security.
To address this vulnerability effectively, it's imperative to reinforce the application's transport layer security by implementing…
17 votes -
17 votes
-
17 votes
-
Restrict Unauthenticated PURGE requests
At the moment Hosting is using Varnish cache which developers do not have access so they can't configure it, this leaves a small window for people to continuously Purge the page and increase the developer's usage
15 votes -
CDN Invalidation API
Add an official API to support cache invalidation via resource URL, header, or tag.
The rate limit to such an API should be high enough to support what people already do with the non-official API to invalidate by URL.
15 votes -
Support deployment of Nuxt 3 projects to Hosting
Currently, support for Web Frameworks (Beta) only supports Next.js and Angular: https://firebase.google.com/docs/hosting/frameworks/frameworks-overview. Nuxt is labeled as 'Soon' at https://github.com/FirebaseExtended/firebase-framework-tools
I just wanted to cast my vote for Nuxt 3 support and try out the new portal :) Thanks!
13 votes -
Allow URLs to be accessible fully, or by invitation, or by password protection, like Notion and Figma
Allow natively what we can do in Notion / Figma (sharing a prototype), by sharing a page with the followings options:
1/ allow a page to be fully accessible (that's already possible, so the default)
2/ allow a page to be viewed only if we provide another User a link.
3/ allow a page to be viewed if 2/ + password protected13 votes -
13 votes
-
Get rid of the egress data transfer fee for Firebase Hosting
All is described in the title. I no longer see any benefits to using Firebase Hosting when you have competition like Cloudflare pages that charges zero for egress traffic.
By reworking Firebase hosting egress fees, it could attract more users looking for a hosting solution and then convert them to a paid product linked with hosting like Firestore, Functions, etc.
9 votes -
Make Preview Channel URLs predictable or reusable.
We are looking for a way to create predictable preview URLs for our Firebase Hosting preview channels. We require this functionality to whitelist these URLs for accessing a Cloud CDN authenticated content bucket. Currently, the preview channel URLs generated by Firebase Hosting include a random hash (SITEID--CHANNELID-RANDOM_HASH.web.app), which makes them unpredictable.
The solutions we have devised include:
- Replace the random hash for something like https://<PROJECT_ID>--pr-<PULL_REQUEST_NUMBER>.web.app
- Make the preview channel URL persistent when deploying new versions.
7 votes -
7 votes
-
7 votes
-
dynamic robots.txt and favicon
Add capability to dynamically change robots.txt and favicon. The current behavior returns 404.
6 votes -
food
"Create a responsive, single-page food delivery application like Zomato or Swiggy using only HTML, CSS, and JavaScript (no frameworks). The app should simulate user interaction and have dynamic UI updates using JavaScript. Include the following features divided into key modules:
🧑🍳 1. Home Page & Restaurant Listing
A header navbar with logo, search bar, login button
A location selector (dropdown or modal)
A carousel/banner section for promotions
Display a list of restaurants with:
Restaurant Name
Ratings & Reviews
Cuisine Tags (e.g., Indian, Chinese, Pizza)
Estimated Delivery Time
Restaurant Image
Use JavaScript to load restaurant data from a local mock JSON…
5 votes -
Hosting should preserve the client's IP address when proxying to Cloud Run
When using hosting with rewrites to Cloud Run (e.g., routing all requests to /api/** to a Cloud Run container), the clientIp always reflects the IP address of a Google server rather than the actual client’s IP address. As a result, filtering incoming requests by IP address in the logs viewer becomes impossible.
It would be great if the x-forwarded-for header could be used to populate this field instead.5 votes -
Offer no bill in case of small website spam which could cause a houndred dollar bill for no reason.
When I chose to use Firebase. It was because it was a free database for small webpages with 10 SMS/day. Now, it seems that you changed the terms when I already put a lot of effort into using firebase. Now I need to use a Blaze plan for 10 SMS/day. This means the following: "Now I might get spammed by any hacker using a VNP + a bot". It doesnt matter how much time I spend on setting up anti-spam defense. I could still get spammed and have to pay thousands of dollars right? I have 2 solutions:
- You could…
5 votes
- Don't see your idea?