Questions tagged [firebase-security]

The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud


5411 questions
25 votes, 2 answers

Firestore Access Rules that Rely on a Document Reference

Firestore has a DocumentReference type, which is a "pointer" to another firestore document. Using the firebase JavaScript client, you can access properties (e.g. document "id"), directly on the reference. For example, if there is a document with a…
wtk
24 votes, 7 answers

Email: [Firebase] Client access to your Cloud Firestore database expiring in X day(s)

I got an email that indicates I was developing in "test mode", but that it left my database completely open to the internet. The default rules I initially accepted look like this: rules_version = '2'; service cloud.firestore { match…
Doug Stevenson
24 votes, 1 answer

Firebase: set security rules depending on user roles

I would like to implement "write" security rules in Firebase depending on users roles. My data structure is like this: + myapp + users + john + email: "john@mail.com" + roles + administrator: true + mary + email:…
MarcoS
24 votes, 3 answers

Is there a way to restrict registrations in firebase

Is there a way to restrict users from registering firebase email/password accounts so that new users can't sign up? I have a small app that only a few admins need to have access to (which I've manually created in the Firebase admin) and the way it's…
binaryorganic
23 votes, 2 answers

Are API keys "autogenerated by Firebase" in GCP secure?

After creating a project in Firebase, multiple Google Cloud Platform API keys were auto-generated: Server key (auto created by Firebase), Android key (auto created by Firebase), Browser key (auto created by Firebase). All keys are marked with "!" sign…
23 votes, 11 answers

Firestore Security Rules - How can I check that a field is/isn't being modified?

For the life of me, I cannot understand why the following is resulting in a false for allowing writes. Assume my users collection is empty to start, and I am writing a document of the following form from my Angular frontend: { displayName:…
Andrew M.
23 votes, 3 answers

Firestore security rules check if reference exists

I'm wondering how I could check if a document value is a reference to another document and the document exists using firebase security rules. What I tried: function validate(document) { return exists(document.reference) } match…
23 votes, 1 answer

Using an unspecified index. Consider adding ".indexOn": "g"

I'm using Geofire to do a circleQuery in a certain area. With my observers set up I am getting back locations, however, with the location I also get back a "Using an unspecified index. Consider adding ".indexOn": "g"" My db for my geofire looks like…
jshah
23 votes, 1 answer

Securing Firebase: Preventing administrators from being able to see all users' data in the Forge?

I'm building an app that stores users' potentially-private notes. It's a little weird to me that I can just go into the Firebase Forge UI and look up anything which anyone has written, and it also means that anyone who somehow gains access to my…
tobek
22 votes, 1 answer

How to synchronize Firestore rules and indexes?

I have a Firebase project, which uses Firestore. I often manually modify security rules and indexes on the Firebase console, but I also have local copies on my dev machine (firestore.rules and firestore.indexes.json), which become out of sync when I…
22 votes, 6 answers

Allow update on single field in firestore

I want to give a user the right to update a document. But ONLY if the user updates one specific field of this document. All other fields shouldn't be changed by this user. Is this possible in firestore? I tried something like this: function…
progNewbie
22 votes, 4 answers

Firestore Rules to restrict write access to a specific field in a document

I am using Stripe for payments. For this, I have the following data model in Firestore: Users/{userId}/payments/{document} each {document} is an object that looks like: { amount: 55 token: {...} charge: {...} } Users must be able to write…
22 votes, 3 answers

In Cloud Firestore rules - How do I check if a key is null

In Cloud Firestore Rules - I have a document called task and I want to see if some data (assignee field) is null / doesn't exist. I've tried: resource.data.assignee == null - Does not work (Error) !resource.data.hasAll(['assignee']) - Does not work…
Gal Bracha
22 votes, 5 answers

Firebase: How to keep an Android user logged in?

I'm using Firebase SimpleLogin to enable Email / Password authentication. Creation of users and subsequent login is all working fine. However, whenever I leave the app (even if only for a few seconds) the user is never logged in on my return…
Neil
21 votes, 1 answer

How to upgrade to firebase storage rules v2

Today when I tried to update my firebase storage rules I got a message about upgrading them. How do I do that? i deploying storage i firebase.storage: checking storage.rules for compilation errors... ⚠ [W] undefined:undefined - Ruleset uses old…
Jørgen Rasmussen