Questions tagged [firebase-security]

The Firebase Security API combines a flexible authentication system with an expression-based rules language to provide a highly adaptable security model.

Security Rules determine who has read and write access to the data in your Firebase Database, Cloud Storage for Firebase, and Cloud Firestore. These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it.

For the Firebase Database and Cloud Firestore, the rules also validate how your data is structured, and what indexes exist. For Cloud Storage, the rules can also be used for data validation, including validating file name and path as well as file metadata properties such as content type and size. For Cloud

To learn more about Firebase's Security API, see:

5411 questions
1 vote, 0 answers

how NOT to call OncePerRequestFilter before unsecured controller

I am following an example that has code that I modified per spring-security-filter-only-on-secured-endpoints . @Override protected void configure(HttpSecurity http) throws Exception { http.antMatcher("/secureSide/**") …
puzzled
1 vote, 2 answers

how can I read and write as an admin even if the rules set to false in Firebase Realtime Database

As an admin I am trying to get the users data so that I could 'read' and 'write' even though the rules of the firebase 'read','write' set to be false. users | "uid" |-firstname: "xyz" |-lastname: "xyz" |-email: "xyz@gmail.com" …
1 vote, 1 answer

Firebase Firestore deleteDoc() not working

I am working on my first Web App using firebase and I have hit a problem I can't find the solution to. I am trying to delete a document by Id. The function works fine; however, the document is not deleted. I have set the Firestore rules to allow…
1 vote, 1 answer

Problem with Firebase Authentication, etc

In a quick search I realized that my problem with Firebase Authentication is a common problem for many users who have complained for over 2 years! Maybe the complaints weren't clear so I'll try to be detailed in explaining the problem. I would like…
1 vote, 1 answer

Firestore duration type

It seems one can write Firestore rules that check that a value is of the duration type, like this: allow write: if request.resource.data.bla is duration; However, it's totally cryptic how to produce such a value, at least from the web APIs. The…
gustavohenke
1 vote, 0 answers

Permission Denied when rules updates with user authentication

This is my realtime database. This is the code I used to create the db. const db = firebase.database() const frRef = db.ref('Foreign/' + UserId); frRef.set({ }); }); These are the rules I applied here. "foreign": { ".indexOn":…
1 vote, 1 answer

firebase security rules, how deny permission after change password

I'm building a web app and I'm using firebase to store data, I'm trying to make the user log out on to all devices when a password change or deny the user from "read" and "write" on firestore rules that are already authenticated on a different…
1 vote, 1 answer

Firestore only allow modification of field if user not contained in array

I have a document like Field Score: number Field usersThatRated: array How can I enforce in the firestore rules that only users whose id is NOT included in the usersthatRated array are allowed to increment/decrement the score?
Boris Grunwald
1 vote, 0 answers

Securing Firebase RTDB with multiple databases for chat app

I am on the blaze plan and building a chat functionality in my app using Firebase realtime database. I have 3 databases for now : Main instance that contains sharding information and users chats' info. The 2 other instances will contain the chats…
Tom3652
1 vote, 1 answer

request.auth.uid is not working in firestore security rule

I have firestore DB like below, uid field contains, uid of the authenticated user who has added the document security role: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /crush/{doc} { allow…
1 vote, 1 answer

Firestore rules : check the existence of a value in array

I want to give permission of read and write just to users who exist in the members group but I don't know why it doesn't work? These are the rules in firestore: rules_version = '2'; service cloud.firestore { match…
ismail
1 vote, 1 answer

Firestore security rules | enforcing field VALUES

It is possible to enforce field types with firestore security rules but is it possible to enforce field VALUE? Let's say when a message is seen by the user. The message seen field gets updated to true. And because this can never go back to false.…
Ibrahim Ali
1 vote, 1 answer

Firebase Firestore rules resource.data not working

Can somebody please explain why this rule match /invoices/{id} { allow read, update, delete: if request.auth.uid == resource.data.uid; } giving me nothing, but when this: match /invoices/{id} { allow read, update, delete: if…
Mario.G
1 vote, 1 answer

Are Firebase dynamic links short url info exposable?

Can an attacker view the query parameters of a shortened firebase dynamic link? If yes, is it secure enough to use let’s say invite links that contain a group ID to access that certain group. In that case wouldn’t there technically be the security…
Yassin Sameh
1 vote, 0 answers

How to use parameters from "where" in Firestore security rules?

I have the following Firestore query which can be invoked by a non-Firebase user (the sessionId is just a session id - not a Firebase user id): const q = query(collection(firestore, "apples"), where("sessionId", "==", sessionId)); I am thinking…
allegutta