Reputation: 1779
Authorization in Google Firebase
I was trying to build a website in Angular2. The website fetches part of data from Google firebase. This website does not take any user login information.
Now, I am facing the following problem:
I want to ensure that only the requests originated from my hosted website, say abc.com, are served. No one else should be able to call the API end points using postman etc.
Currently, if I query the Firebase URL "https://mywesbite-xxxxx.firebaseio.com/data.json", the entire data is visible as a .json from any web-browser. I want this link to show access denied.
Upvotes: 0
Views: 164
Answers (1)
Reputation: 2688
It's a good idea to look over the Firebase Security & Rules that you can assign your database.
Right now I assume your rules are empty or set as
{
"rules": {
".read": true,
".write": false
}
}
I don't believe you can setup anything which checks if your request comes from abc.com but you can check against Authenticated Users on your site to ensure that they are signed in before they can access any of your information.
There is also a good plugin which helps create Firebase Database Rules which was created by the Firebase Team. It's called Bolt.
Upvotes: 3
Related Questions
- Google Auth in Firebase Angular 10
- Angular + Firebase Firestore authentication
- unable to access google firebase from angular?
- Angular 2 firebase Authenticating using google provider
- Angular4 canActivate and google firebase
- Nodejs Firebase and Angular4 Authentication
- AngularFire Authentication Access to Google AccessToken
- Firebase authenticate and authorize
- Angularfire firebase-authentication - google
- Firebase Google Login