12

Is it possible to restrict access to a resource (i.e. index.html) depending on whether the user is logged in or not? Maybe something like .htaccess?

Frank van Puffelen
  • 499,950
  • 69
  • 739
  • 734
markovuksanovic
  • 15,126
  • 11
  • 43
  • 56

2 Answers2

13

No. Firebase hosting doesn't implement access control to static resources.

Also see the discussion in the comments of this question: Firebase route security without AngularFire

Community
  • 1
  • 1
Frank van Puffelen
  • 499,950
  • 69
  • 739
  • 734
  • 3
    Hi Frank, as said in the comments of our mentioned question, I have a confidentiality contract over the project, so I can´t have the CDN files (FrBs-Host) publicly available before project's release, and my clients live in other cities so we do advancement checks over Internet. Could you recommend some way around for using the actual FrBs-Host without letting the CDN to be publicly available rather than using another hosting? – DavidTaubmann Jun 14 '16 at 19:51
10

There's new info on this: https://firebase.google.com/docs/hosting/functions (example: https://github.com/firebase/functions-samples/tree/master/authorized-https-endpoint )

You should be able to use a Cloud Function to restrict access to content (which is server-side authenticated and generated).

WraithKenny
  • 931
  • 12
  • 15
  • 1
    Cloud functions are US hosting only, not usable for rest of the World – Spock May 19 '20 at 10:00
  • 1
    Cloud functions are meanwhile not only hosted in the US. For Firebase you can choose between regions in the US, Europa and Asia: https://firebase.google.com/docs/functions/locations – maxarndt Jul 02 '20 at 14:55
  • meanwhile "Firebase Hosting supports Cloud Functions in us-central1 only" as per https://firebase.google.com/docs/hosting/full-config#rewrite-functions – Kostiantyn Sokolinskyi Nov 12 '20 at 15:05