Questions tagged [firebase-security]

The Firebase Security API combines a flexible authentication system with an expression-based rules language to provide a flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:


5411 questions
10 votes, 1 answer

Loops available in rules for firestore?

I wonder if there is any simpler way to achieve this rule. Just started to experiment with firestore. match /emails/{emailId} { allow write: if request.resource.data.attachments.size() == 0 || request.resource.data.attachments.size() == 1…
Mugetsu
10 votes, 3 answers

Recursive wildcards in Firestore security rules not working as expected

I have a data structure like this (Collections and Documents rather than JSON of course but you get the idea): { users: { user1:{ name: Alice, groups: { groupA:{subbed:true}, groupB:{subbed:true} …
popClingwrap
10 votes, 1 answer

Firestore read rules with self condition

I'm currently trying to build a small app on Firebase as an evaluation of it. It looks interesting and super productive, but I have one problem with Firestore rules. I have one collection (games) with objects looking like this: { "name":String, …
10 votes, 1 answer

How can handle separate login for two types of users in same firebase app?

I have a scenario and am looking for a solution to it. I am working on an application and using Firebase to create and authenticate the user. In my app there are basically two types of users (1. User & 2. Vender), and a User can sign in on the app but a vender needs to login…
10 votes, 1 answer

Does Firebase Email and Password authentication have any security configuration options?

While sniffing the Firebase traffic, I have seen that a code is passed to the auth server so that it always returns a 200 status code. This shows that there is some level of optional security at some level in the authentication protocol. Is there a…
Merlyn Morgan-Graham
10 votes, 5 answers

How to Redirect with UI Router When Session Expires in Firebase

I'm using Angular with Firebase and UI Router. I'm using anonymous authentication. When a session expires, I would like the unauthenticated user to be redirected to the homepage. I've used the Yeoman Angularfire Generator as a model. But when I use…
Ken
10 votes, 5 answers

How do I give permissions to another user on firebase?

Where can I add an extra user on firebase settings. I cannot find the place to do it. Do I have to set it up using json on the security tab?
hopper
10 votes, 1 answer

Is there a firebase security rule to only allow appending to a list?

I'd like to create a simple chat app, but I don't want any user to be able to edit the chat-entry list - but I do want any user to be able to append to it. Is this possible?
Chris2048
10 votes, 1 answer

How do I restrict signup to a product in Firebase

If I create a new product, use simple auth, there is a "create user" API. How do I restrict it so that only invited emails (either by the email or via a one-time key) can sign up? Doesn't seem to fit easily into the rules, but I am probably missing…
deitch
9 votes, 2 answers

How check if field exists with firestore rules?

I have a Firestore database with a collection of products and a collection of categories. I want to give the user delete permission on the categories collection only if the category document does not have a products field. The products field is an…
SaroVin
9 votes, 3 answers

Setting Firebase Firestore security rules so only users can CRUD their own data and all else is ignored

I have an app that is designed so authenticated users via Google only have access to their own data with no "social" features. I want to know the security rules for the below criteria. Let's say I have 5 collections and one of them is called "todos"…
William
9 votes, 3 answers

Flutter - How do I use await inside the streambuilder?

I want to use await inside streambuilder. However, if you use async inside, you get an error. On the code below !!!!!!!! That's the part I want to solve. Thank you very much if I can tell you how. class _MemoStreamState extends State
9 votes, 4 answers

Firestore Rules coverage report - Request expression never evaluated

Recently I have been using firebase for my new app. Since you can define your own rules on firestore, I wanted to try that out. To test these rules I am running the firestore emulator. When I try to authorize some test user I always get a timeout…
Snieder
9 votes, 2 answers

security rules to allow update of specific fields

I am new to security rules. I have to write a security rule to prevent a user from updating a document except for one field. Let's say I have a doc { field1 : one, field2 : two, field3 : three, . . . fieldn : n } the user logged in should be able to…
9 votes, 1 answer

stop Firestore warning that everyone can read data

I am getting a warning email from Firebase Firestore every day saying that: "any user can read your entire database" But in my case it's an open database where everyone can read the data. I have set up my security rules like so: service…
mesqueeb