0

I changed security rules to:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow write: if request.auth != null;
      allow read;
      allow create: if isMine() && hasTimestamp();
      allow update: if isMine() && hasTimestamp() && isCalm();
      function isMine() {
        return request.resource.id == request.auth.uid;
      }
      function hasTimestamp() {
        return request.resource.data.timestamp == request.time;
      }
      function isCalm() {
        return request.time > resource.data.timestamp + duration.value(20, 's');
      }
    }
  }
}

But Firestore still sends me emails saying that I must change the security rules, or my database will be denied in 2 days. What other rules must I add? Thank you.

Simon
  • This is a better question for Firebase Support https://firebase.google.com/support – Display name Jul 15 '22 at 12:11
  • 3
    You still have insecure rules. Your reads should also be secured. – Marc Anthony B Jul 15 '22 at 12:58
  • @MarcAnthonyB That sounds like an answer! – Frank van Puffelen Jul 15 '22 at 14:12
  • Yes, but I want non-authenticated users to see web content. – Simon Jul 15 '22 at 14:12
  • @Simon: That is a valid requirement. You'll either have to [explicitly grant the user access to the collections that your application code uses](https://stackoverflow.com/questions/65969299/firestore-security-for-non-authenticated-access/65969942#65969942) (instead of the blanket access you do now), or you can [disable the alert in the Firebase console](https://stackoverflow.com/questions/55388991/stop-firestore-warning-that-everyone-can-read-data/55389780#55389780). – Frank van Puffelen Jul 15 '22 at 14:13
  • I'd rather do something, "better safe than sorry". But I have only one collection, so changing reads to only one collection is useless. – Simon Jul 15 '22 at 14:28

1 Answer

0

From my research and own experience, I can tell why Firebase kept sending warnings that I have to fix insecure rules. Well, after you apply strong rules, wait for two, even three days. Firebase has an alert saying it will take max 24 hours. For inspiration, here are my very basic security rules, which you can find in the docs:

allow read: if true;
allow write: if request.auth != null;
Simon
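
A ruleset along the lines suggested in the comments, as an added example that is not code from the question or the answer: public reads are granted on one named collection instead of `/{document=**}`, and the blanket `allow write` is dropped, because `allow` statements are OR'd and a broad write rule would let any signed-in user bypass the `create`/`update` conditions. The collection name `posts` is an assumption; the document ID is taken to be the owner's uid, as `isMine()` in the question implies.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // "posts" is an assumed collection name; substitute the one the app uses.
    // Any collection not matched here is denied by default.
    match /posts/{userId} {
      // Public read, limited to this collection only.
      allow read: if true;

      // No blanket "allow write": if any allow statement matches, access is
      // granted, so a broad write rule would override the checks below.
      allow create: if isMine() && hasTimestamp();
      allow update: if isMine() && hasTimestamp() && isCalm();
      // Deletes are not granted to anyone.

      // The caller is signed in and owns the document (document ID == uid).
      function isMine() {
        return request.auth != null && request.auth.uid == userId;
      }
      // The write carries the server time as its timestamp field.
      function hasTimestamp() {
        return request.resource.data.timestamp == request.time;
      }
      // At least 20 seconds have passed since the previous write.
      function isCalm() {
        return request.time > resource.data.timestamp + duration.value(20, 's');
      }
    }
  }
}
```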