Is it save to expose firebase cloud messaging server key (legacy) and sender id in client js code ? If an attacker gain access to those keys what damage can attacker do ?
Asked
Active
Viewed 532 times
1 Answers
0
As the name of the key already implies, the FCM server key should only be used on a server (or an otherwise trusted environment, such as Cloud Functions). Anyone who has this key can send messages to all users of your app.
Frank van Puffelen
- 499,950
- 69
- 739
- 734