Stack Overflow
Stack Overflow

Questions tagged [firebase-security]

The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

Related tags

5411 questions
21
votes
4 answers

How to revoke an authentication token?

Say I generated an authentication token, and to save on processing and remote calls, I've set it's expiration data some 30 days in the future. Now I want to remove this account from my system, is there a way to revoke the authentication token I have…
TTimo
  • 1,276
  • 1
  • 13
  • 20
20
votes
2 answers

Firestore rules for document field

I'm struggling within Firestore to set security rules for a document. With the RTDB is was possible to set rules for a specific object property and I'm trying to do the same with Firestore. RTDB Code: "users": { ".read": true, ".indexOn":…
Edblocker
  • 430
  • 1
  • 3
  • 15
20
votes
2 answers

Restrict Firebase database access to one Android app

I'm working on an Android app that reads from a Firebase database. App users won't be logging in or modifying the database. All app users will be looking at the same data; I'm using Firebase for its real-time update features. Ideally, I would like…
Michiyo
  • 1,161
  • 1
  • 14
  • 33
20
votes
1 answer

How is my data secure with firebase?

I have been looking at the demos of Firebase and i am amazed at the functionality and flexibility to store data online. Also looked at the AngularJS Projects tutorial on its homepage, with Firebase as the backend. However, before starting to use it…
shasi kanth
  • 6,987
  • 24
  • 106
  • 158
19
votes
1 answer

Firestore security rules: what happens with request.resource.data. on update?

My team has discussed this lately, and can't seem to determine for sure actual/intended behavior: If you have a security rule like the following: match /categories/{document=**} { allow update: if request.auth.uid != null &&…
DauleDK
  • 3,313
  • 11
  • 55
  • 98
19
votes
5 answers

Firestore security rule get() not work

The solution is in the end of the post. Check it out. Решение проблемы в конце поста. Дочитайте. just a simple question: whats wrong with this and why this is not working? Trying to get access with user who has role 'admin' in users section to the…
numfin
  • 301
  • 1
  • 2
  • 6
19
votes
2 answers

Regenerate Web API key of Google Firebase

How do I regnerate my Web API key for Google Firebase? I deleted the autogenerated one due to misguided reasons. If it's not deletable, do I need to create a just a new App or a new Project?
ehacinom
  • 8,070
  • 7
  • 43
  • 65
19
votes
2 answers

Adding and ".indexOn": ".value" into Firebase Rules

I'm studying AngularJS and Firebase and I'm playing with a simple ChatApp, just to understand the code. My Firebase DB structure is like this: "chat": { "messages": { "chat1": { [ list of messages ] }, "chat2": { [ list of…
Marco Cavanna
  • 329
  • 1
  • 5
  • 14
18
votes
3 answers

Can debug logging be added to firestore rules functions?

Given that the firestore rules structure allows for functions, is there some way to add debug logs to those rule-functions ? .. in order to verify that the function you expect, is in fact being called. I see that with the simulator it shows a red X…
Gene Bo
  • 11,284
  • 8
  • 90
  • 137
18
votes
2 answers

Cloud Firestore rules on subcollection

I'm working on an iOS app which has (whoah surprise!) chat functionality. The whole app is heavily using the Firebase Tools, for the database I’m using the new Cloud Firestore solution. Currently I'm in the process of tightening the security using…
Gertjan.com
  • 410
  • 1
  • 3
  • 12
17
votes
4 answers

FirebaseError: [code=permission-denied]: Missing or insufficient permissions

I have a simple collection reference in a service firebase.auth().onAuthStateChanged(user => { if (user) { this.itineraryCollection = firebase .firestore() …
Quan Hodges
  • 277
  • 2
  • 5
  • 14
17
votes
1 answer

Firestore Security Rules: use array_contains to determine authorization

Can I use the equivalent of array_contains in Firebase Security Rules? I have an Event class (corresponding to Event documents in the events collection). Each document has a subscribers list/array that contains the UIDs of all the users who should…
markvgti
  • 4,321
  • 7
  • 40
  • 62
17
votes
12 answers

Firebase storage security rules 400 error issue "Permission denied. Could not access bucket xxxxx-****.appspot.com"

I keeps getting message error from firebase link saying 400 error with my firebase storage upload in my react project when trying to upload photo... everything were working fine before and uploads images successfully, but now it stop uploading of…
General Omosco
  • 606
  • 1
  • 10
  • 20
17
votes
2 answers

How to allow only particular fields of a firestore document to be accessed publicly

Suppose I have this structure in a firestore database: collection[ document: { x: 'x', y: 'y' } ] and I have this firebase rule in place: service cloud.firestore { match /databases/{database}/documents { match…
Muhammad Saqib
  • 1,037
  • 3
  • 10
  • 16
17
votes
1 answer

Firebase rules reset by themselves

I cannot find an answer to this in the documentation. The default Firebase rules are: { "rules": { ".read": "auth != null", ".write": "auth != null" } } I have edited mine to look like this and saved them: { "rules": { …
cheenbabes
  • 382
  • 1
  • 8
  • 17
1 2 3
99 100