CODEWITHSUNDEEP
angularjsfirebasesingle-page-applicationfirebase-hostingfirebase-tools
Antonio Ooi
Antonio Ooi

Reputation: 1828

Firebase SPA rewrite rules not redirecting to index.html

I just started to build a Single-Page App on Firebase Hosting using AngularJS framework. I have run firebase init and chosen to rewrite all urls to /index.html as shown below:

"hosting": {
    "public": "public",
    "ignore": [
      "firebase.json",
      "**/.*",
      "**/node_modules/**"
    ],
    "rewrites": [
      {
        "source": "**",
        "destination": "/index.html"
      }
    ]
  },

I have my partial view templates stored in the following folders:

public/templates/home/dashboard.html
public/templates/courses/default.html

My Angular routings are working correctly and have my public/index.html checks for authorized access, including those partial views, and redirect the user to login view if the user has not been authenticated.

However, when I try to paste the URL of my template HTML files directly onto the browser address bar, Firebase does not redirect it to /index.html:

http://localhost:5000/templates/home/dashboard.html
http://localhost:5000/templates/courses/default.html

All the above template files are loaded on the browser and viewable by any unauthorized users who know the URLs of these template files. I have tried to add the following rules to my firebase.json file but none of them work:

Test #1:

"rewrites": [
      {
        "source": "**",
        "destination": "/index.html"
      }, 
      {
        "source": "/templates/**/.*",
        "destination": "/index.html"
      }
    ]

Test #2:

"rewrites": [
      {
        "source": "**",
        "destination": "/index.html"
      }, 
      {
        "source": "/templates{,/**}",
        "destination": "/index.html"
      }
    ]

NOTE: I did restart firebase serve for every attempt, but I'm not sure if the cache will affect this type of testing. I also don't know how to clear the server cache either.

My questions are:

  1. What is the correct way to write the url rewrite rule in order to redirect users to /index.html when direct accessing to these partial view templates?
  2. If there is no way to prevent direct access to partial view templates through the Firebase url rewrite rules, is there any other way that I can prevent this for security purposes?

Upvotes: 1

Views: 1969

Answers (2)

John
John

Reputation: 104

Use redirects instead of rewrites

"hosting": {
    "redirects": [ {
        "source": "/foo",
        "destination": "/bar",
        "type": 301
    } ]
}

Add ** to source to append destination with additional URL string.

E.g.

"hosting": {
    "redirects": [ {
        "source": "/foo**",
        "destination": "/bar",
        "type": 301
    } ]
}

Results in /foo?var=bar redirecting to /bar?var=bar

See Configure redirects for more info.

Upvotes: -1

I'm Joe Too
I'm Joe Too

Reputation: 5840

Firebase hosting will serve static content with priority above dynamic rewrites. See this hosting order.

If you don't want those views accessed directly, you could move them to a cloud function and setting up your hosting to reroute "templates" to serve that cloud function. Then you can configure your cloud function to provide/deny access as needed.

Upvotes: 3

Related Questions