Firebase · Authenticationintermediate
Firebase Project Config (firebase.json)
A firebase.json wiring up Hosting with SPA rewrites and cache headers, plus Firestore and emulator settings — a typical web-app deploy config.
firebasehostingfirestoreconfigdeploy
Preview
{
"hosting": {
"public": "dist",
"ignore": [
"firebase.json",
"**/.*",
"**/node_modules/**"
],
"rewrites": [
{
"source": "**",
"destination": "/index.html"
}
],
"headers": [
{
"source": "**/*.@(js|css|woff2)",
"headers": [
{
"key": "Cache-Control",
"value": "max-age=31536000, immutable"
}
]
}
]
},
"firestore": {
"rules": "firestore.rules",
"indexes": "firestore.indexes.json"
},
"emulators": {
"auth": {
"port": 9099
},
"firestore": {
"port": 8080
},
"hosting": {
"port": 5000
},
"ui": {
"enabled": true
}
}
}AI actions
Documentation
Purpose
Describe how the Firebase CLI deploys a project — hosting rewrites, headers, Firestore rules, and local emulators.
When to use
Deploying a single-page app to Firebase Hosting with Firestore, and running the local emulator suite during development.
Required fields
- No single field is required — you include only the products you use (hosting, firestore, functions…).
Optional fields
- hosting.rewrites — SPA fallback to index.html
- hosting.headers — cache-control and security headers
- firestore.rules / indexes — database config files
- emulators — local ports for the emulator suite
Best practices
- Use a catch-all rewrite to index.html for client-side routing.
- Set long cache lifetimes on hashed static assets, short on HTML.
- Keep security rules in a separate firestore.rules file, referenced here.
Security considerations
- firebase.json is safe to commit — it holds no secrets or API keys.
- Your real security boundary is firestore.rules, not this file.