I have a project that uses Firebase and I thought that the safe way to store the Firebase access details would be to put them in .data/. So I have .data/config.js that contains the firebaseConfig JSON provided by Firebase.
But I get an HTTP 403 when my project tries to load this file. I don’t understand why. Is this directory supposed to be accessible when a project runs? If not, where should I put the Firebase info?