Questions tagged [firebase-security]
The Firebase Security API uses a flexible authentication system and an expression-based rules language to provide a very flexible security model.
firebase-security
5,556
questions
0
votes
0
answers
13
views
Firestore rules strange behavior
I'm currently building a web app with Firebase Firestore and trying to create a permission system.
My data is structured as follows:
projects (collection)
[projectId] (document)
allowRead (value)
...
0
votes
0
answers
18
views
Firebase rules work fine in emulator, don't work in the Cloud
The following firestore rules set works in my emulator,
but does not work in the Cloud.
The isUserAuthenticated returns false, as if the {userId} didn't evaluate correctly.
rules_version = '2';
...
0
votes
1
answer
27
views
Why are my Firebase RTDB Rules Always Returning Unauthorized
Rules
{
"rules": {
"Accounts": {
".read": "true",
"$user_id": {
// Check if object has all required values after operation
...
1
vote
0
answers
24
views
Firestore rules to not allow additional queries
getDocs(query(orderBy('createdAt', 'desc')))
with rules, i can enforce a query
allow list: if request.query.orderBy.createdAt == "DESC"
How do i make it so users cannot apply query to any ...
0
votes
0
answers
11
views
Firebase read permissions breaking write permissions
I'm trying to write storage rules in firebase. There are 3 levels of user in my app- admin, agent, and client.
A client should be able to write to their own 'Request'
Admins can read everything
Agents ...
0
votes
0
answers
37
views
10.28.1 - [FirebaseFirestore][I-FST000001] Write at another/pleaseWork failed: Missing or insufficient permissions -> How do I fix this?
Making an app in SwiftUI for iOS. However, when I try to read or write to firebase firestore, I keep receiving an insufficient permissions error. When I try to search up solutions to this error, ...
0
votes
1
answer
100
views
Firestore security rule unexpected behaviour of hasAny() method depending on the order
I am trying to use security rules in order to limit what information about other users is able to see one authenticated user, depending on if these users are in the same department or not. I have ...
0
votes
0
answers
19
views
403 Forbidden Errors in Chrome Extension with Firestore
I'm currently developing a Chrome extension with an associated dashboard, both utilizing Firebase for authentication and Firestore for data storage. I've run into an issue where Firestore data ...
0
votes
1
answer
35
views
how to secure firebase googleService.plist from iOS and googleService.json from Android [duplicate]
There is a concern raised by security team that API_KEY is exposed from googleService.plist from iOS and googleService.json from Android. I personally feel that exposing this file is not an issue. But ...
1
vote
1
answer
36
views
Firebase security rule for users to access other users data
I want my users in my flutter app to be able to access other users recipes if the other user allowed them. I am using Firebase Cloud Firestore as the DB. So if the current user is part of the ...
0
votes
0
answers
17
views
Unit Test for Firebase Rules with firestore.get
I'm struggling to find a way to test security rules for storage with firestore.get().
I create a test environment with the project-id: "project-test":
testEnv = await ...
0
votes
0
answers
20
views
Firestore security rules are not being respected
I'm creating a website with a whitelabel system that I need to limit the access to the firestore collections and documents based on a Role system.
The rules are:
Users will receive a custom claim ...
0
votes
0
answers
26
views
Firestore Null value error. caused by rules in emulation
I'm trying to get my firestore rules working for certain collections in the emulator, and I have for most of them up until I want the auth'd user to be able to read users that are within the same ...
0
votes
1
answer
23
views
Firebase Realtime Database .indexOn Multiple Level Dynamic key
I have a chat app where I create new keys dynamically. Within each dynamic key, when a user sends a message, I create an object inside that key with its own dynamic key.
The structure is as follows:
...
0
votes
0
answers
46
views
Firebase storage security rule: cannot nest firestore queries
I found this weird behavior where using a document field to query another document is not working as expected when setting Firebase storage security rules:
rules_version = '2';
service firebase....