Sudden error (403-Forbidden) on Firestore calls

Time:12-13

I have this simple code using enter image description here

Although App Check is Unenforced in the settings

enter image description here

Is there any way to fix this issue, please?

CodePudding user response:

Just a guess, as I haven't seen it before, but I suspect the "Unenforced" in the status of RTDB and Cloud Firestore is because of lax or missing Rules.

Ensure you have Rules set, and that they don't leave your database "wide open" from a security standpoint.

For example, if you have allow read, write: if true; then your database is "wide open". At the very least you want to enforce that users be authenticated with something like: allow read, write: if request.auth.uid != null;

(Note: you can still allow Anonymous users to access your app by enabling Anonymous Authentication in Firebase Auth. Anonymous Firebase Auth users are still using "authenticated" requests.)
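
The contrast this answer draws between a wide-open rule and an authenticated one, written out as a complete rules file. This is an added example, not part of the original answer; the collection names users and posts and the field ownerUid are assumptions chosen for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (shown for comparison, left commented out): every client,
    // signed in or not, can read and write every document.
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // True for any Firebase Auth user, including Anonymous Authentication users.
    function signedIn() {
      return request.auth != null;
    }

    // Hypothetical per-user documents: only the owner may read or write.
    match /users/{userId} {
      allow read, write: if signedIn() && request.auth.uid == userId;
    }

    // Hypothetical shared collection: any signed-in user may read,
    // only the owner may create, change or delete a document.
    match /posts/{postId} {
      allow read: if signedIn();
      allow create: if signedIn()
                    && request.resource.data.ownerUid == request.auth.uid;
      allow update: if signedIn()
                    && resource.data.ownerUid == request.auth.uid
                    // the owner field itself must not be reassigned
                    && request.resource.data.ownerUid == resource.data.ownerUid;
      allow delete: if signedIn()
                    && resource.data.ownerUid == request.auth.uid;
    }

    // Paths with no matching rule are denied by default.
  }
}
```

Security Rules and App Check enforcement are separate controls: these rules decide who may read or write regardless of the App Check setting.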

CodePudding user response:

From your screenshot, the errors are due to outdated client requests. Check the libraries you're using and make sure they're updated, according to this link on how to enable App Check in web apps.

Here are some guidelines that could be helpful for you:

  • If almost all of the recent requests are from verified clients, consider enabling enforcement to start protecting your backend resources.
  • If a significant portion of the recent requests are from likely-outdated clients, to avoid disrupting users, consider waiting for more users to update your app before enabling enforcement. Enforcing App Check on a released app will break prior app versions that are not integrated with the App Check SDK.
  • If your app hasn't launched yet, you should enable App Check enforcement immediately, since there aren't any outdated clients in use.