Comments (6)
Just got another false positive.
For your reference this is what the Firebase console tells you to put in your web-apps:
<script src="https://www.gstatic.com/firebasejs/5.10.0/firebase.js"></script>
<script>
// Initialize Firebase
var config = {
apiKey: "AIzaSyCmE__wXbMOsoM4_xey2a__Ikc589_jWCg",
authDomain: "ollyg-game-deals.firebaseapp.com",
databaseURL: "https://ollyg-game-deals.firebaseio.com",
projectId: "ollyg-game-deals",
storageBucket: "ollyg-game-deals.appspot.com",
messagingSenderId: "887268788986"
};
firebase.initializeApp(config);
</script>
from apisecuritybestpractices.
Thanks for your feedback :). we will definitely look into it for the link for the false positive button.
For the secret detection part we are working on excluding Google API keys that are designed to be exposed publicly.
from apisecuritybestpractices.
Should be fixed right now thanks, closing the issue
from apisecuritybestpractices.
@ericfourrier should both issues be fixed or just the button?
I've also received a false positive for an OAuth 2.0 Client "Secret" (not sure if those are in some way different from other Google API keys) in an open source Java application just about 25 minutes ago.
from apisecuritybestpractices.
I also had this false positive. My API key is for javascript front end connected to firebase, which is intended to be public.
from apisecuritybestpractices.
I am still getting the false positive notification about allegedly exposed API keys, it's not critical though but necessary when using google firebase.
from apisecuritybestpractices.
Related Issues (11)
- The Contributing link in the README 404s
- ETH Adresse as DO API key detected
- False positive? DigitalOcean
- False positive, Firebase API key HOT 3
- False positive – Travis CI secrets
- True and false positive. HOT 1
- Unable to Delete user Account
- Serious issue with secret storage advice HOT 1
- Please stop spamming the GitHub community with your "services"!
- False positive disclosure email: link does not work. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apisecuritybestpractices.