Questions tagged [firebase-security]

The Firebase Security API combines a flexible authentication system with an expression-based rules language to provide a flexible security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

5411 questions
1
vote
1 answer

Firestore Security Rule: Allow read only for Author rule not working

I'm trying to secure my Documents with an availability status, that can be public or private. Everybody can read public Documents and private Documents can be read by Users who have created the Document (meaning creatorUid is set to the user's…
Jonas
1
vote
1 answer

Firestore rule to access subcollection raising Missing or insufficient permissions

I am struggling with Firestore rules to allow access to some resources in a subcollection. I have some requests documents, that may present a sub-collection named status. My current rules are something like that: rules_version = '2'; service…
ALai
1
vote
1 answer

Firestore security rule MapDiff methods on nested object

I am curious how MapDiff methods work on nested object for example addedKeys, for top level only object {"a":1}.diff({}).addedKeys() == ["a"].toSet() this is how it works but what about nested object? {"a":{"b":"1"},"c":"2"}.diff({}).addedKeys() ==…
Acid Coder
1
vote
0 answers

How does Firebase identify my application and prevent other apps from impersonating my app?

I have created a project in Firebase and registered my app. I send data messages to this app. I do not want to have any user authentication on my app. However, I do want that all my FCM data messages be handled only by my app. No other app be able…
1
vote
2 answers

Check with Firestore security rules if optional dates and maps have valid types

In Firestore security rules we can check the types of optional strings and lists as follows: function reviewFieldsAreValidTypes(docData) { return docData.get('photo_url', '') is string && docData.get('tags', []) is list; } What would one…
Dan1ell
1
vote
1 answer

firebase rules how to make user can read only his data

I use firebase 8.10.0 with Vue Js. I use only Google as a provider for authentication and I want user to read-only his data, so I use firestore rules: my rules: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents…
1
vote
1 answer

How do we secure a Firebase Firestore without using Firestore Authentication? Or is it a must?

At this moment we have 1 Firebase Function running that connects to a Firestore database instance. It correctly connects to the Firestore database using the rules below, however this is insecure. rules_version = '2'; service cloud.firestore { …
1
vote
1 answer

How can I set up my firebase rules so only content-owners have read and write to their data?

I have checked the documentation but I am not sure how to apply that rule to my specific data structure, please check how my data is organized and provide me the rules as it is supposed to go. I am using realtime Database, in my app code I write and…
1
vote
1 answer

Bypassing Firestore Security Rules in jest tests

Currently working on a React/Typescript/Firebase Firestore project. When writing Jest-tests for some actions/functions that are called from the UI, I ran into the following problem: In the test file I'm able to setup the firestore client using the…
1
vote
1 answer

FireStore Multi-Group Permission Management

Can Firestore security rules manage security permissions across multiple groups? For example, suppose there are individual users Group1 and Group2. Group1 { groupId: string groupMembers { userId: string } } Group2 { groupId: string …
1
vote
2 answers

In Security Firestore Rules is it possible to only make users read data depending on field value?

for example in Firestore I have collection called products and every doc has boolean field called isAllow : false now in Security Firestore Rules How to make users can read only the docs with true value of isAllow field and the same with write .. i…
1
vote
2 answers

Prevent deployment of insecure rules on Firebase or Firestore

@askfirebase Is there any solution to prevent deployment of insecure rules? Getting notified after 24 hours might be a little too late!
dsl400
1
vote
1 answer

How to allow only admin user can access Firebase realtime database?

I'm new to firebase, I am trying to have a Firebase realtime database where only the admin can write the data, the user only can read the data. I have seen the documentation that uses log-in(authentication) logic to control it. I'm not really sure I…
1
vote
1 answer

Firebase security rules: allow 'get' when document has a specific field

My user signup process looks like buy a license on Stripe complete account afterwards In the Stripe webhook/cloud function, we get information on the email and the license and we store this in a new document in the firestore stripe-customers…
Marc Van Daele
1
vote
1 answer

Unity Android Build Errors due to Firebase Libraries

I am building a Unity app for android using Firebase Authentication and Firestore. It runs alright in the Editor and in the desktop build. However, when I build for Android, I get the error below: Autoconnected Player DllNotFoundException: Unable…