在火力web应用指南规定我应该把给定的apiKey在我的HTML初始化火力点:
// TODO: Replace with your project's customized code snippet
<script src="https://www.gstatic.com/firebasejs/3.0.2/firebase.js"></script>
<script>
// Initialize Firebase
var config = {
apiKey: '<your-api-key>',
authDomain: '<your-auth-domain>',
databaseURL: '<your-database-url>',
storageBucket: '<your-storage-bucket>'
};
firebase.initializeApp(config);
</script>
通过这样做,apiKey暴露给每个访客.这把钥匙的目的是什么,它真的是公开的吗?