Reputation: 1710
Can I send value with request to Firestore rules
I have to send value with request to check it from Firestore rules , like (Recaptcha to avoid spam) or origin (protect my own firebase api) ! is there any way to do that ?
Upvotes: 2
Views: 2192
Answers (2)
Reputation: 943
If you want to do your own server-side validation e.g. Recaptcha then you can do the validation in a callable function. If the post data is valid then you can use firebase-admin to access your firestore, and if applicable, return any data at the end of the function.
Upvotes: 1
Reputation: 599081
There is no way to pass custom parameters into the Firestore rules. The most common workaround is to pass information as part of the path, although it's definitely kludgy at times.
The best approach for preventing spam is to require your users to log in, and then limit what they can do based on knowing who they are, and knowing what they've done in the past. For example, most apps limit the places users can write to based on their identity, and many apps have a sort-of leveling system where users gradually get more permission as they've been using (and not abusing) the app longer.
Upvotes: 4
Related Questions
- Create variable to reuse in firestore rules
- Firestore Security Rules: Passing a request parameter in a get() call?
- How to Get Data From Request Path in Firestore Rules
- Firestore Security Rule: Check user input on get query
- Can you send data with a firestore read request?
- Firestore Security Rules - Pass data to Firestore not through auth or write (resource.data)
- Referencing variables in Firestore Rules
- Is there a way to write database rules through Firestore's REST API
- Could firestore security rule allows me to change request data or already existing data ?
- Firestore security rules based on request query value