Ozan
Reputation: 259
Firebase your realtime database has insecure rules warning
I have a website that uses Firebase Realtime Database. It usually sends me e-mail about insecure rules warning. I searched about this here and Firebase Documantation, but when I write other rules, it gives me such error:
Error saving rules - Line 10: String can't contain ".", "#", "$", "/", "[", or "]"
{
// Allow anyone to read data, but only authenticated content owners can
// make changes to their data
"rules": {
"some_path/${uid}": {
".read": true,
// or ".read": "auth.uid != null" for only authenticated users
".write": "request.auth.uid == uid"
} SHOWS ME ERROR IS HERE.
}
}
I am using this rules for now:
{
"rules": {
".read": true,
".write": false
}
}
here is one picture that I try one of other rules called Mixed public and private access.
I will be very glad if anyone can help me.
Upvotes: 0
Views: 1274
Answers (1)
sarthak
Reputation: 508
The syntax does not seem correct to refer to a child resource, check below syntax to achieve the desired effect
{
"rules": {
"some_path": {
"$uid": {
".write": "$uid === auth.uid"
}
}
}
}
https://firebase.google.com/docs/database/security
Upvotes: 2
Related Questions
- Security rules of realtime database doesn't work
- Firebase Realtime Database Insecure Rule Warning
- Firebase Realtime Database xxxx-xxxx-4458' has insecure rules
- Basic Firebase Realtime Database Rules Error
- Firebase Realtime database - insecure rules
- Firebase Your Realtime Database has insecure rules
- Warning from firebase realtime database regarding rules, but I have updated
- Firebase email saying my Realtime Database Rules has insecure rules
- Firebase Realtime database rules "Unknown variable 'request'."
- Issue with my Firebase realtime data base security rules