I couldn’t find any information about this!
So, I have a web app in react and use the firebase config settings and want to secure the firebase rules.
I have these:
build
devices
templates
users
I used this for the users:
{"rules": {
"users": {
"$uid": {
// Allow only authenticated content owners access to their data
".read": "auth !== null && auth.uid === $uid",
".write": "auth !== null && auth.uid === $uid"
}}}}
But I also need to allow the web app or any client that uses the api to have full access to the db and all the data and not just "users" from the react app.
3
Answers
Yes, that way I give access to the data but I cant seem to figure it out to give access to the api config, this means I cant access it through firebase library from react!
Those rules are correct for a Firebase RTDB client sdk for accessing the user data. If you want to serve all content over an API, you can use the node admin sdk to build you own API and serve content that way. Alternatively, if you want to use the Firebase RTDB SDK, you can modify your existing rules to allow reading the data. The change would look something like this:
If there are other paths that you want to allow read access to without explicitly declaring the read value of the DB values you can do something like this:
this is exactly what I want and what is happening here! please see the video.
https://community.thunkable.com/t/unless-using-public-rules-in-firebase-the-api-key-can-t-access-data/978375