firebase-security Questions

Firebase – How can an attacker will be able to access my cloud firestore database, If I have not setup any cloud firestore security rules

May 30, 2024
Ghost
2 Answers

Example: service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if true; } } } { "project_info": { "project_number": "project-number", "project_id": "project-id", "storage_bucket": "project-storage-bucket" }, "client": [ { "client_info": { "mobilesdk_app_id": "mobilesdk_app_id", "android_client_info": { "package_name": "com.example.sample" }…

VIEW QUESTION

Firebase – Cacheing of Firestore Security Rules get()

May 7, 2024
Patrick Smith
2 Answers

I want to know the extent that firestore caches security rule evaluations of get() lookups when executing a query or across queries. I feel that the docs, while they do mention cacheing occurs, do not detail the specifics of when…

VIEW QUESTION

React native – FirebaseError: Missing or insufficient permissions in application but it works in simulation

April 24, 2024
lydonuis
3 Answers

Below are my Firestore rules. I have a "users" collection where the document ID is the user's UID in the authentication. I want only admins to access some users data or the user itself. service cloud.firestore { match /databases/{database}/documents {…

VIEW QUESTION

Firebase – Firestore Security Rules: Error running simulation –An unknown error occurred

March 6, 2024
Nils Reichardt
2 Answers

These are my security rules for Cloud Firestore: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /Feedback/{feedback} { allow read: if resource.data.uid == request.auth.uid; } } } It appears that I have a weird bug. When I try…

VIEW QUESTION

Javascript – Firebase Firestore security rules – MapDiff for nested objects

January 30, 2024
waway
2 Answers

I'm trying to set Firestore rules, allowing user to update only certain fields inside of a nested object. I know if it's a top level key, we can simply use something like this: allow update: if request.auth.uid == userID &&…

VIEW QUESTION

Firebase realtime database rules check if node with a certain key exists across all nodes

January 13, 2024
ohshit
2 Answers

I have a node "purchasetokens" - "$userId" - ""$purchaseToken"" and a key "valid:True/False" that is set by my cloud function only. How can I set a rule to make sure that the "$purchaseToken" doesn't exists across all "$userId" with a…

VIEW QUESTION

Firebase – Firestore securety rules – allow read and write only if the user owns the documents

January 9, 2024
CfC
2 Answers

In my database, I have a collection containing documents from various users. Each document has a user property with the user's email as its value. (I'm going to change that to userID later on.) I want to make sure that…

VIEW QUESTION

Firebase Firestore rules for shared content

January 7, 2024
matteog
2 Answers

I'm developing a simple app that can upload photos. I'm using firebase firestore and storage. Every time I upload a new photo I create an object like this: struct Item: Codable, Identifiable { var id: UUID // photo name var…

VIEW QUESTION

Firebase – Access the underlying value of resource.data for list query in firestore security rules?

December 29, 2023
Virus
2 Answers

Within firestore security rules, is there a way to get direct access to the value of a resource.data for a list query? More specifically, for array-contains. I’d like to use the value of the list query and do some transformations…

VIEW QUESTION

Firestore Security Rules in Flutter – The caller does not have permission to execute the specified operation

December 6, 2023
Guilherme Maia
2 Answers

I'm using Firestore do store my data with this Firebase Service. I've set this Security Rule where the user only can access a document if his auth UID is into an array, which is inside a base document that he…

VIEW QUESTION