I have a firebase realtime database.
And I have a "like" button app for my website.
But my database is not safe, because everyone can write to my database.
What I want is: "allow only incoming data from my website. And block incoming from other sites"
For example:
{
"rules": {
".read": true,
".write": allow only incoming data from "www.example.com" and block incoming from other sites
}
}
How can I do this?
Or how can I set this rule on Firebase console?
Edit and update your rules: Open the Firebase console and select your project. Then, select Realtime Database, Cloud Firestore or Storage from the product navigation, then click Rules to navigate to the Rules editor. Edit your rules directly in the editor.
1. Admin SDK bypasses security rules. As you explore security rules in depth, you will eventually discover that requests from the Firebase Admin SDK are not gated by rules. The Admin SDK is initialized with a service account, which gives the SDK full access to your data.
If you need some value (or combination of values) to be unique, you need to create a node that contains that value (or combination) as its key. If you need to guarantee that multiple values (or combinations) are unique, you'll need multiple of such nodes.
Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths. All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.
If I understand correctly what you are trying to do, I believe you can do it with the service account linked with your Firebase account. You can manually create a whitelist of URLs allowed to use your API key. The trick is that it is found in the Google Cloud Platform, not the Firebase Console. However, there is a nifty link in Firebase Console that will take you to where you need to be.
(Also, the direct link of where to go is https://console.cloud.google.com/apis/credentials but make sure you are logged into an "Owner" or "Editor" account listed on the "Users and permissions" tab found at step two below.)
Here are the steps:
1. Log into your Firebase Console and go to the gear icon next to "project overview" in the top left of the Firebase console.
2. Then navigate to the "Users and permissions" tab.
3. Then click the small blue link underneath the main table on the screen that says "Advanced permission settings".
4. It should take you to Google Cloud Console. (Make sure you are logged into an "Owner" or "Editor" account listed on the "Users and permissions" tab you were just looking at from the Firebase Console.) Click the menu in the top left of the Google Cloud Console, and go to "APIs & Services".
5. Then click the sub-menu item "credentials".
6. Click the desired API key you want to restrict.
7. Set the websites you want to allow access by clicking the radio button "HTTP Referers" under "Application Restrictions", adding an item, entering the web address, and hitting done to save the changes.
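Realtime Database rule conditions have no variable for the site a request came from, so the write rule in the question has to be expressed in terms of `auth` and the shape of the data. The rules below are an added example, not part of the original question or answer: they assume likes are stored at a hypothetical path `/likes/$itemId/$uid` and that visitors sign in with Firebase Authentication (anonymous sign-in is enough).

```json
{
  "rules": {
    // Assumed layout (not from the original post): /likes/<itemId>/<uid> = true
    // Anything outside "likes" has no rule and is therefore denied.
    "likes": {
      // Like counts stay publicly readable, as in the question.
      ".read": true,
      "$itemId": {
        "$uid": {
          // Only a signed-in user can write, and only to the node keyed by
          // their own uid, so each user holds at most one like per item.
          ".write": "auth != null && auth.uid === $uid",
          // The only value accepted is the boolean true. Deleting the node
          // (an "unlike") skips validation and is allowed by .write above.
          ".validate": "newData.isBoolean() && newData.val() === true"
        }
      }
    }
  }
}
```

With these rules the total for an item is the number of children under `/likes/<itemId>`, and a client cannot inflate it beyond one like per authenticated user.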