To secure your Flutter Web Application, you must restrict the API calls to Firebase from your authorized domains only.
Follow these steps to set API keys restrictions:
STEP 1 : Go to Google Cloud Platform > Console
STEP 2 : Select Firebase project from the top
STEP 3 : Select API & Services from the left menu
STEP 4 : Select Credentials
STEP 5 : Click on – Browser key (Auto created by firebase)
STEP 6 : Select Set application restrictions as “Websites” and ADD all your Live chat app URL (Custom Domains, if any) from the “Add” button
STEP 7 : Hit Save
Once you set the above restriction, when the next time you run the app in debug mode, it will fail to connect with firebase since localhost is not added in the above whitelisted websites list.
You must also add the debug browser URL above at STEP 6 while running the app in debug mode.