Questions tagged [firebase-security]

The Firebase Security API combines an authentication system with an expression-based rules language to provide a flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:


5411 questions
17 votes, 2 answers

Firebase error: Blocked all requests from this device due to unusual activity

I am getting the error below when testing Firebase authentication: "We have blocked all requests from this device due to unusual activity. Try again later." How do I fix this without deleting any data? There has to be a way to enable…
17 votes, 1 answer

FireBase - how to list user-specific data?

Currently I've been looking at FireBase, and have been using the AngularJS plugin, and have found the following problem I cannot get out of. I currently have implemented the simple login system. Logged in with my mail and password after registering,…
Peter Willemsen
16 votes, 3 answers

@firebase/testing - How to use auth custom claims in firestore rules tests?

I'm almost good with all my tests for Firestore Rules. But, I still need to test some path for the admin. The admin in my app is not the Firebase admin, it's a user with privileges set like this in its customClaims: claims: {admin: true}. How I…
16 votes, 3 answers

Firestore Security - allow only known fields

I can’t figure out how to properly set the ‘.validate’ rule in Firestore. Basically, I want to allow a User document to contain only the fields I know: user { name: "John" phone: "2342222" address: "5th Avenue" } I don't want any other fields…
15 votes, 1 answer

Difference between allow write and allow create update in Firebase database rules

Could anyone tell me what is the difference between allow write and allow create update in writing conditions for Cloud Firestore Security Rules?
15 votes, 3 answers

Firestore Security rules without Authentification

I store data in a Cloud Firestore database. Users in my app don't need to create an account to get data and they can also write data without logging in. Google reminds me every few days that my database is insecure and can be abused by anyone. How can…
Vueer
15 votes, 1 answer

How to source control Firestore database security rules and update them automatically

Is it prudent to save Firestore security rules in the source control of the code (GitHub)? In addition, what is the best way to deploy the security rules automatically when cloning the repository and installing the application for the first time (For…
15 votes, 1 answer

Firebase token.email_verified going weird

OK, so I'm making a blog which requires users to log in through Firebase. To post comments, their email has to be verified. I know how to verify the email, and I did so with my test account. When I typed into the…
15 votes, 2 answers

Firestore security rule using reference to another document

I am trying to base a security rule on a reference to another object. I have a collection of users and collection of roles. A user object has a field called "role" that is a reference to a particular document in the roles collection. users id …
Geo242
15 votes, 3 answers

Is there a simulator for Firestore security rules?

I'm looking for a way to test the new rule set efficiently. I'd like to test the rules before I make the decision to switch over to Firestore from the Realtime Database. Please provide a solution or indicate if there are any works-in-progress.
Vincent
15 votes, 3 answers

How to debug Firebase security rules/permissions

In Firebase 2 a user could create a custom token and specify a debug flag, this in turn would return a lot of debugging information about the permissions. In Firebase 3, it appears this has been removed. Is there any way, maybe through the REST API…
Ramzi C.
15 votes, 1 answer

Creating temporary anonymous users in Firebase

I'm trying to auto-generate user accounts that I can save data with, and later promote those to proper username/password accounts. Any ideas on the best way to do that? It wasn't clear to me whether or not I could switch auth providers from anonymous…
Jonathan K
14 votes, 1 answer

Setting firestore security rules without using Firebase Authentication

I have an Angular web application and I am not using Firebase Authentication for logging in my users, as it's done via a service. Right now, my Firestore account has full access, anyone can perform any operation. I read the documentation of…
14 votes, 2 answers

How do you debug Firestore security rules?

I'm crying myself to sleep on this one. My getAfter is returning an object that only has 1 field, as every other field type is incorrect. Which I have no idea how to check without any debugging tools (I can't see the data, so it's all guess and…
ColdLogic
14 votes, 2 answers

Firestore security rules based on map values

I want to store if a user is permitted to read a document in the document itself, based on the user's email address. Multiple users should have access to the same document. According to the documentation Firestore does not allow querying array…
Marcel Bochtler