建议 Firebase 安全规则不起作用
Recommend Firebase security rules doesn't work s
我一直收到来自 Firebase 的电子邮件,说我的安全规则是安全的,所以我必须找到确保它们安全的正确方法。
Not recommended:
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
推荐:
service cloud.firestore {
match /databases/{database}/documents {
// Assign roles to all users and refine access based on user roles
match /some_collection/{document} {
allow read: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Reader"
allow write: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Writer"
// Note: Checking for roles in your database using `get` (as in the code
// above) or `exists` carry standard charges for read operations.
}
}
}
就在我尝试推荐的规则后,我的应用程序停止为经过身份验证的用户工作,我不得不保留不安全的规则以允许用户重新使用该应用程序...有谁知道为什么会这样发生了什么?
试试这个
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
match /your_collecton_name/{your_documents} {
allow read,write: if request.auth != null
}
}
}
我一直收到来自 Firebase 的电子邮件,说我的安全规则是安全的,所以我必须找到确保它们安全的正确方法。
Not recommended:
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
推荐:
service cloud.firestore {
match /databases/{database}/documents {
// Assign roles to all users and refine access based on user roles
match /some_collection/{document} {
allow read: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Reader"
allow write: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Writer"
// Note: Checking for roles in your database using `get` (as in the code
// above) or `exists` carry standard charges for read operations.
}
}
}
就在我尝试推荐的规则后,我的应用程序停止为经过身份验证的用户工作,我不得不保留不安全的规则以允许用户重新使用该应用程序...有谁知道为什么会这样发生了什么?
试试这个
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
match /your_collecton_name/{your_documents} {
allow read,write: if request.auth != null
}
}
}