Hello I have the following rule in Firestore for read if true
I recieve email that point anybody can read and my requests can be drained. I need some aproach read action to be allowed only from my app.I don't have authentication in the app is accessable without registration.What can I do to restrict the access only from the app.I read can be set SHA1 key but not quet sure how to imaplement it.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
allow read: if true;
}
}
}
CodePudding user response:
I‘m afraid there’s actually nothing you can do. Since you are using a backend as a service provider you will have to use some sort of authentication if you want to prevent certain people to execute certain actions. This could be classic username/password authentication or a more modern means like oauth.
CodePudding user response:
There is no way to do that but there is a way around just add Anonymously authentication with firebase Auth Ui this way users will not have to create an email and they will be authenticated
another way is: try to make some parts which doesn't require security public for anyone to read .