Stack Overflow
Stack Overflow

Questions tagged [firebase-security]

The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

Related tags

5411 questions
9
votes
7 answers

Firestore security rules get field/id of reference

I have two collections - tenancies and users. A tenancy doc has a field called "landlordID" and is of type REFERENCE (not String). Now in my Firestore Security Rules I want to allow a tenancy to be updated ONLY IF the landlordID field of that…
John Dough
  • 93
  • 1
  • 6
9
votes
2 answers

Firebase security rules, ensure one "array remove" only, and only to userId

I have notification records where there is a text and a list of users (max 10). {text: "Beware of the dog", users: [ uid1, uid2, uid3, ... ]} When a user read/acknowledge the notification, I want to remove him from the list of users who can see…
Franck
  • 257
  • 2
  • 10
9
votes
2 answers

Firebase database rules allow update but prevent create

How to set the database rules with "allow to update but not allow to add new record"? I tried to simulate below but doesn't work.. My Data: { users:{ -randomID001:{ email:user@email.com, status:active }, -randomID002:{ …
Jerry
  • 1,455
  • 1
  • 18
  • 39
9
votes
1 answer

Secret URL authentication with Firebase

I have a client-side web app using Firestore and Cloud Functions. I would like to set up rules such that if a user has a secret URL for a document that user is able to write to it, without need any other kind of login or authentication. Something…
Xavier Shay
  • 4,067
  • 1
  • 30
  • 54
9
votes
1 answer

Is it possible to set storage rules using firestore of Firebase?

So I'm trying to set rules into storage, but I need to access to firestore to set it right. Here is my example: Into my firestore database I have a users collection which have a collection named items. The path look like this:…
Frost
  • 144
  • 1
  • 11
9
votes
2 answers

Firestore update fails with IllegalArgumentException: Invalid data. Unsupported type

When calling FirebaseFirestore.getInstance().collection("myCollection").document("doc1").update("field1",myObject); I get the error: IllegalArgumentException: Invalid data. Unsupported type: com.myProg.objects.MyObject (found in field…
CaptainNemo
  • 1,532
  • 2
  • 22
  • 45
9
votes
1 answer

Firebase Firestore missing or insufficient permissions using Expo (React Native)

I've been using FireStore for a project that works fine in the browser, but when I port the code to Expo, running on a iOS 11.2 iPhone X in the simulator, it keeps raising Error: Missing or insufficient permissions. Auth is working fine, and when I…
raphaeltm
  • 817
  • 1
  • 12
  • 22
9
votes
1 answer

Firestore rules map for object

I'm having a collection. Each document have an object readers which will store the uid of people who will have access to the documents. It could be one or many user that can access to a document I'm using angular firebase constructor(private…
William
  • 395
  • 1
  • 5
  • 17
9
votes
2 answers

When users SignOut of my Firebase app, why doesn't it also SignOut from the auth provider, say Google?

I am using Google as the auth provider to sign in with my app. My code calls the Firebase sign out method which redirects to the login page, but when user again clicks on the Google sign in button, it automatically authenticates and logs in into the…
Talha
  • 18,898
  • 8
  • 49
  • 66
9
votes
5 answers

Firebase - add database rules - Path contains invalid characters

I'm following the tutorial of firebase. But I can´t add the rules .read and .write
Ricardo
  • 7,921
  • 14
  • 64
  • 111
9
votes
3 answers

Firebase release apk not loading data

I am using firebase in my app, in debug apk everything works fine but when I change my build type to release and sign my apk and run the app data is not loaded am I doing anything wrong with rules? Can't attach debugger to a release mode apk so not…
Shivaraj Patil
  • 8,186
  • 4
  • 29
  • 56
9
votes
1 answer

Firebase Security Rules: .indexOn unique ids

I have this structure: "post": { "groupMember": { "-KHFHEHFWDB1213": "true", "-KSJHDDJISIS011": "true", "-KJSIO19229129k": "true" } } I want to .indexOn the auto-generated unique groupMember ids. I tried doing this: "post":…
leonardloo
  • 1,753
  • 3
  • 20
  • 31
9
votes
2 answers

Restricting Firebase security to a specific Google Apps domain?

I'm currently looking to use Firebase for an internal application that can only be accessed by employees with a Google Account from our organization. I have an understanding how I can restrict read/write access only to google logins, e.g. { …
Will Turnage
  • 113
  • 6
9
votes
2 answers

Firebase how to authenticate user through native facebook app

The firebase authentication api uses a browser pop up (Firebase.authWithOAuthPopup() in the new api cordova example ) . However, on mobile phones, most people use the native facebook app instead. for For cordova phone apps, authenticating through…
Jarnal
  • 2,138
  • 2
  • 26
  • 43
9
votes
1 answer

Firebase delete child with security rule !data.exists on write

I have a security rule for adding new data "CATEGORIES": { "$CATEGORIES": { ".write": "root.child('USERS/' + auth.uid + '/type').val() == 'admin' && !data.exists() || root.child('USERS/' + auth.uid + '/type').val() == 'admin' &&…
bdaz
  • 163
  • 4
  • 13
1 2 3
99 100