0

I want to secure my firestore data. I have an app that accesses the data from firestore. Currently, my rules allow anyone to read and write. How can I access the data using a key I have in the app? Sort of verify a key before anyone can read or write data.

Here are my current rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;
    }
  }
}

https://gyazo.com/da26189ac1c5bbdea8d374ad8870bd7f - this is why I am asking

Improve this question
6
  • i dont think i have an initializing key Commented Oct 22, 2022 at 12:14
  • check this: gyazo.com/da26189ac1c5bbdea8d374ad8870bd7f Commented Oct 22, 2022 at 12:27
  • Yeah, it's because of these lines match /{document=**} { allow read, write: if true; } Commented Oct 22, 2022 at 12:41
  • and how can i solve this? Commented Oct 22, 2022 at 12:43
  • Well, change it to false or delete this line. Commented Oct 22, 2022 at 12:47

1 Answer 1

Reset to default
2

The security rules of your Firestore database only have access to:

  • The path that is being accessed (read or written).
  • The data that is being written.
  • The token of the user that is accessing the data.
  • Other data in the database.

There is no way to pass custom data to the security rules in another way, so anything you need will have to be in one of these.

So if you want to pass custom data in both read and write operations, you'll have to do so in either the path or make it part of the user's token, for example by setting a custom claim in there.

Also see:

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

so would it be safe to leave it as it is?
gyazo.com/da26189ac1c5bbdea8d374ad8870bd7f - this is why i am concerned
Since you asked "How to acces firebase data using a key", I answered that question That screenshot is a warning that your database rules allow way too broad access. We've covered that warning quite a few times before, so I recommend having a look at some of these top search results: stackoverflow.com/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.