Skip to content

Commit

Permalink
Dont allow serialization of firestore settings
Browse files Browse the repository at this point in the history 
When logging any firestore object like WriteBatch,Transaction,etc the settings object also gets logged / exposed
This can be seen by running JSON.stringify on any firestore object even a document reference
Many developers log firestore objects to help them debug testing/prod issues, this leaking of entire firestore key via this._settings is a bad practice as per me
We can also use Object.defineProperty to make it non-enumerable or any other technique that you like
  • Loading branch information
@abhishekwebcode @ehsannas
abhishekwebcode authored and ehsannas committed Jul 11, 2022
1 parent f618e9f commit d928ef1
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions dev/src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -652,6 +652,7 @@ export class Firestore implements firestore.Firestore {
}

this._settings = settings;
this._settings.toJson = function(){ return undefined; }
this._serializer = new Serializer(this);
}

Expand Down

0 comments on commit d928ef1

Please sign in to comment.