[Security] Firebase config credentials hardcoded in firebase.js — exposed in public repo with 682 forks

## Problem

`src/firebase.js` contains the Firebase project config object hardcoded
directly in source code:
```js
const firebaseConfig = {
  apiKey: "AIzaSy...",
  authDomain: "your-project.firebaseapp.com",
  projectId: "your-project-id",
  ...
};
```

This file is committed to a **public repository with 1k stars and 682 forks**.
These credentials have been copied hundreds of times. Without proper Firestore
Security Rules, anyone with the `apiKey` can read/write the database.

## Fix — Part 1: Move to environment variables

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Firebase config credentials hardcoded in firebase.js — exposed in public repo with 682 forks #70

Problem

Fix — Part 1: Move to environment variables

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security] Firebase config credentials hardcoded in firebase.js — exposed in public repo with 682 forks #70

Description

Problem

Fix — Part 1: Move to environment variables

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions