PHPFixing

Friday, October 14, 2022

[FIXED] How to improve firebase real time database rules with anonymous user

Tags: axios, firebase, firebase-realtime-database, javascript, reactjs

Issue

I have a simple JSON tree like this: https://ibb.co/Rgpznd0, and my rules are:

{
  "rules": {
    ".read": "auth.uid !== null",
    ".write": "false"
  }
}

I only need to read the data from the database. I retrieve the token from the user:

const accessToken = await user.getIdToken();

and I do a GET request to this URL with axios:

https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/${query}.json?auth=${accessToken}

This works, but I get some warnings from Firebase about security rules.

///////////////////////////////

UPDATE

I tried to put the rules like this, in a more secure way:

{
  "rules": {
    "destinations": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "false"
      }
    }
  }
}

I tried changing the url like this:

https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/destinations.json/${uid}?auth=${accessToken}

But now the axios request doesn't work even if I put the uid in the query.

I also tried in Postman and the response seems to be the HTML of the page; I am doing something wrong.

How can I do that? And get a JSON response?

////////////

UPDATE 2

Full URL as requested:

https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/destinations.json/nQhLc86TWHeHhSP7JSuPAJdBKyk1?auth=${accessToken}

UPDATE 3

I have found a solution to my problem; you can check the answer below.


Solution

I followed this guide: https://medium.com/@skytreasure/easy-way-to-secure-firebase-realtime-database-with-rules-when-you-have-anonymous-sign-in-or-already-e8ff1ddfbfc9

Inside the onAuthStateChanged I set a request to the database with the secure key:

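// Needs: import { ref, set } from "firebase/database";
// `db` and `user` come from the surrounding onAuthStateChanged callback.
// Writes `true` at /<route>/<uid> for the signed-in user.
await set(
  ref(db, `/${process.env.NEXT_PUBLIC_FIREBASE_ROUTE}/${user.uid}`),
  true
)
  .then(() => {
    // Fulfilled
  })
  .catch((error: Error) => {
    throw new Error(error.message);
  });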

FIREBASE RULES

Then I didn't change the other methods to fetch.

https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/${query}.json?auth=${accessToken}

Instead of query I put 'destination', 'crew' or 'technology', depending on which page you go to.

Now the database is secure; only those who have the anonymous ID can make the request.



Answered By - Sandrew94
Answer Checked By - Candace Johnson (PHPFixing Volunteer)
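
The behaviour of the two rule sets from the question, as an added example that is not part of the original post: a simplified JavaScript model of how ".read" rules cascade, showing why the second rule set denies a read of /destinations itself. Assumptions: the rule strings are rewritten as JavaScript predicates, the uids are constructed sample values, and canRead is a hypothetical helper, not a Firebase API.

```javascript
// Simplified model of Realtime Database ".read" evaluation (not Firebase's engine).
// Modelled semantics: walk the path from the root; a ".read" that is true at
// any level grants the read for everything below it; if no level grants,
// the read is denied. A "$name" key captures the path segment at that level.

// First rule set from the question: any signed-in user reads everything.
const rulesA = {
  ".read": ({ auth }) => auth !== null && auth.uid !== null,
};

// Second rule set from the question: a user reads only /destinations/<own uid>.
const rulesB = {
  destinations: {
    $uid: {
      ".read": ({ auth, vars }) => auth !== null && auth.uid === vars.$uid,
    },
  },
};

// Hypothetical helper: `auth` is null (no token) or { uid } (valid ID token).
function canRead(rules, path, auth) {
  const segments = path.split("/").filter(Boolean);
  const vars = {};
  let node = rules;
  for (let i = 0; i <= segments.length; i++) {
    const read = node[".read"];
    if (typeof read === "function" && read({ auth, vars })) return true;
    if (i === segments.length) break;
    const seg = segments[i];
    if (Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg];
    } else {
      const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
      if (!wildcard) return false; // no rule covers this path: denied
      vars[wildcard] = seg;
      node = node[wildcard];
    }
  }
  return false;
}

// Constructed sample identities (anonymous sign-in still yields a uid).
const anon = { uid: "anon-user-1" };
console.log(canRead(rulesA, "/destinations", anon));             // any signed-in user
console.log(canRead(rulesB, "/destinations", anon));             // parent path has no grant
console.log(canRead(rulesB, "/destinations/anon-user-1", anon)); // own node only
```

Separately from the rules, the REST API expects the .json suffix at the end of the full path (/destinations/<uid>.json?auth=...), not in the middle of it.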