Stack Overflow
Stack Overflow

Questions tagged [firebase-security]

The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

Related tags

5411 questions
1
vote
3 answers

Why are my firebase storage security rules are not enforcing and letting users upload images over the limit?

I have setup my storage security rules to only allow authenticated users to post images that are less than 3mb with the following rule: rules_version = '2'; service firebase.storage { match /b/{bucket}/o { match /{allPaths=**} { //…
Lukas Vis
  • 407
  • 5
  • 14
1
vote
1 answer

How can i restrict unauthenticated access to Firebase Firestore while permitting new users to add account data?

I am using firebase authentication on my reactJS application. When a user signs up, an entry is added into firestore to store some account details at user/(UID). I need to create firestore rules that willL Prevent unauthenticated users from reading…
admin admin
  • 75
  • 5
1
vote
1 answer

i am getting Permission denied error when i upload image on firebase

I am working on Firebase image upload. but facing an error in my rules of storage. rules_version = '2'; service firebase.storage { match /b/savephoto-a1cc3.appspot.com/o { match /{allPaths=**} { // Allow access by all…
ADEEL FAROOQ
  • 51
  • 6
1
vote
0 answers

Cant access firebase storage console rules 403

I am having problems with firebase, i just recently started learning it. Im trying to setup my rules for firebase storage but it wont stop loading and i get error message 403 from the console. Full error message in JSON is: { "error": { "code": 403,…
Mango88
  • 23
  • 3
1
vote
1 answer

React Native firebase [firestore/permission-denied]

I have ploblems with English. I apologize in advance. Problems with firestore and auth Error: [firestore/permission-denied] The caller does not have permission to execute the specified operation. NativeFirebaseError: [firestore/permission-denied]…
HardKoT
  • 21
  • 2
1
vote
1 answer

Angular + Firebase : "Missing or insufficient permissions." on page refresh

I'm using Firebase authentication service. I'm using some basics rules which WORK when I'm using the app I have a service which fetch data from Firebase : export class WorkoutService { myWorkoutList: any[] = []; constructor(private…
Bastien GOUZERCH
  • 11
  • 1
1
vote
1 answer

Firestore security rules: Check for a field value from a firestore document to validate read/write operations

I want to allow read/write operation on a document only if: There's a valid account Document's id matches with the account's uid Account's email is verified and Account is stated as approved into another document containing list of uids and their…
Shivam Sahil
  • 4,055
  • 3
  • 31
  • 62
1
vote
1 answer

Cloud Firestore Security Rules give null for resource.data in production code

I am working on an app for education that gives teachers access to student assignment documents based on a common subject. I have set a custom claim client-side for the teacher and set documents with a common field, "subject". My rule looks like…
jhbiggs
  • 78
  • 7
1
vote
1 answer

How to add rule in Firebase to prevent read of parent element?

I have a Firebase database that I want to only allow users who have access to that application to be able to read from and write to. My data structure is like so: { "applications": { "id_1": { "feature": { "a": true, "b":…
Stretch0
  • 8,362
  • 13
  • 71
  • 133
1
vote
1 answer

Need advice for how to structure my data in Firestore

So I am trying to figure out the best structure for my use case. Currently it looks like this: salesItems | userId | salesItem1 | | salesItem2 | and so on. So the items are stored in a document named with the respective…
Christian
  • 834
  • 7
  • 18
1
vote
1 answer

Multiple user access to Realtime Database Path?

I'm currently working on a web app that utilises the realtime database. Currently my security rules are set out to allow each user access to their UID path. "$uid" :{ ".read": "auth.uid === $uid", ".write": "auth.uid === $uid" …
om123
  • 39
  • 4
1
vote
1 answer

What is the secure way to add Firebase (Firestore) queries to client side code for React Native?

I'm new-er in the stackoverflow community so if asking questions like this without code is frowned upon please just let me know in the comments how to ask Q&A like this. It seems like there are always videos/courses on how to make web/mobile apps…
RiskItAll
  • 239
  • 1
  • 11
1
vote
0 answers

How to authenticate the same user in 2 firebase projects / how to access data of project B while the user is authenticated in project A?

so I have a website, which has 2 firebase projects. One is my own firebase app (A), and another is the user's firebase app (B) who will be using my website. Consider it as a dashboard kind-of thing that i'm building where the user puts in their…
Faisal Sayed
  • 43
  • 3
1
vote
1 answer

Missing or insufficient permissions on an open read/write firestore

I'm getting an alert saying that I have missing or insufficient permissions when trying to access anything within this collection on the client-side of the app. On the console however, I get am able to do creating and writing. I also made sure to…
Andy
  • 113
  • 7
1
vote
1 answer

Why does firestore throw permission denied if the security rule parameter is not part of the query?

I know for every doc in my collection that request.auth.uid is in request.resource.data.users if request.resource.data.foo === bar // security rule match /collection/{id}/{document=**} { allow read: if request.auth.uid in…
Jan
  • 188
  • 1
  • 10
1 2 3
99
100