cht
Reputation: 319
Firebase web - how do i restrict data to be written by my domain only?
I have a little web app that constitues of only JavaScript/JQuery files.
It's kind of anonymous link based messaging app, so there's no authentication stuff.
I'm worried that someone can easily read/write to my database.
Is there any setting/security rule with which i can allow read/write requests from my domain only? (same origin policy)
Upvotes: 5
Views: 1477
Answers (1)
Niles Tanner
Reputation: 4021
I would recommend just using the basic make sure they are logged in rule
{
"rules": {
// only authenticated users can read or write to my Firebase
".read": "auth !== null",
".write": "auth !== null"
}
}
But wait, I want to stop access from other domains!
Well you can set the authorized domains from the authorization panel in the firebase console. This would only allow users to log in from your url and only your url and only logged in users can read/write.
Upvotes: 4
Related Questions
- Restricting Firebase read/write access to only myself
- Allow only request from a specific domain to read and write data firebase
- how can i restrict access to firestore database to only requests coming from specific domain?
- Firebase Security Rules Storage from specific web url
- how to make sure only my own website (clientside code) can talk to Firebase backend?
- Restricting Cloud Firestore to a specific domain
- Restrict Firebase authentication to a certain domain
- Setting Firebase Firestore security rules so only users can CRUD their own data and all else is ignored
- Configuring firebase project domain restrictions
- How can I prevent other sites/apps from accessing my Firebase?