问题
I have been using FCM to deliver notifications that uses POST requests that require FCMs server key. How do I still send notifications without having the fcm server key client side for security reasons?
回答1:
There is no way to securely send messages from one client device to another client device with FCM. You always need a trusted environment (such as a server that you control, your own development machine, or Cloud Functions) to do that, where you can enforce whatever "who can send to whom" rules you want.
For more on this, see:
- Sending notifications between Android devices with Firebase Database and Cloud Messaging
- How to send device to device messages using Firebase Cloud Messaging?
- How to send Device to device notification by using FCM without using XMPP or any other script.? Note the downvotes on the accepted answer: while this technically works (and may be what you are doing), it is not secure and puts you at a serious risk of allowing a malicious actor to send messages to your users on your behalf.
来源:https://stackoverflow.com/questions/53183533/where-should-i-store-my-fcm-server-key-if-not-on-client-side-for-security-ios