如何使用 Angular 8/9 隐藏 API 密钥? [英] How to hide API Keys with Angular 8/9?

问题描述

我正在尝试调用 Firebase API.要调用这个 API，我们需要指定一个用户配置键.我怎样才能在我的代码中隐藏这个键?我不知道该怎么做.

I'm trying to call the Firebase API. To call this API, we need to specify a user config key. How can I hide this key in my code? I have no idea how to do.

如果我使用 environment.ts 文件，在构建之后，这些键会暴露在 main.js 文件中.

If I use the environment.ts file, after build, those keys are exposing in the main.js file.

ma​​in.js暴露的键

有什么办法可以避免main.js文件中这些key的暴露?

Is there any way to avoid the exposure of these keys in main.js file?

推荐答案

Firebase 的设计使您不必隐藏这些键.

Firebase is designed such a way that you do not have to hide these keys.

请参考文档此处并摘录如下:

Please refer to doc here and extract below:

与通常使用 API 密钥的方式不同，Firebase 服务的 API 密钥不用于控制对后端资源的访问；这只能通过 Firebase 安全规则来完成.通常，您需要严格保护 API 密钥(例如，通过使用保管库服务或将密钥设置为环境变量)；但是，Firebase 服务的 API 密钥可以包含在代码或签入的配置文件中.

Unlike how API keys are typically used, API keys for Firebase services are not used to control access to backend resources; that can only be done with Firebase Security Rules. Usually, you need to fastidiously guard API keys (for example, by using a vault service or setting the keys as environment variables); however, API keys for Firebase services are ok to include in code or checked-in config files.

这篇关于如何使用 Angular 8/9 隐藏 API 密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！