Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase web - how do i restrict data to be written by my domain only?

Tags:

I have a little web app that constitues of only JavaScript/JQuery files.

It's kind of anonymous link based messaging app, so there's no authentication stuff.

I'm worried that someone can easily read/write to my database.

Is there any setting/security rule with which i can allow read/write requests from my domain only? (same origin policy)

like image 725
cht Avatar asked Jan 01 '18 13:01

cht


People also ask

Does Firebase own your data?

You don't own your data Plus, it was not possible to export our data when we had hundreds megabytes hosted. We had to contact Firebase by email. Notice: exporting data email/password data is possible by contacting Firebase Team, but not from Dashboard.

Can anyone access my Firebase database?

By default, your rules do not allow anyone access to your database. This is to protect your database from abuse until you have time to customize your rules or set up authentication. Describes if and when data is allowed to be read by users. Describes if and when data is allowed to be written.

How do I set rules in Firebase database?

These rules are hosted on Firebase servers and are applied automatically at all times and you can change the rules of your database in Firebase console. You just have to select your project, click on the Database section on the left and select the Rules tab.

How do you secure a Firebase rule?

How do they work? Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths. All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.


1 Answers

I would recommend just using the basic make sure they are logged in rule

{
   "rules": {
       // only authenticated users can read or write to my Firebase
       ".read": "auth !== null",
       ".write": "auth !== null"
   }
}

But wait, I want to stop access from other domains!

Well you can set the authorized domains from the authorization panel in the firebase console. This would only allow users to log in from your url and only your url and only logged in users can read/write.

like image 89
Niles Tanner Avatar answered Sep 20 '22 13:09

Niles Tanner