Reputation: 77
Firebase - Firestore, web server access only
I think I’m missing something in all the Firebase/Firestore information out there. I’m creating a website using Firestore as the backend. The website offers some areas for user input, and the database needs to be updated based on that input. I see how to create rules for authentication levels, but how do I block all requests that don’t come from my web server?
Thank you!
UPDATE
For those who stumble upon this, please note that I found that I should be using the Admin SDK for what I described. Be aware that if you go this route you must have some sort of backend in place, the Admin SDK does not work on the client.
Upvotes: 0
Views: 556
Answers (1)
Reputation: 317868
Security rules don't have any control over the origin of a given request. In fact, there is no way to control the origin of a request with Firestore, unless you want to try to set up a complicated VPN situation for all of your clients to use.
You should be thinking of security rules in terms of who can do what with the data in Firestore. Not from where they can do these things.
Upvotes: 1
Related Questions
- Anonymous Auth Firestore Security
- How to secure Firestore database
- Role based access to FireStore
- Firestore Security Rules for this scenario
- Protect Firestore database from attack
- Restrict Firestore access to authenticated users
- Firebase Cloud Firestore restrict user access (Banking Application)
- Cloud Firestore permissions
- Restricting access to Firebase Firestore and Storage
- Firestore permissions