Firebase/ Rules / Composer

Hello
Recently I’m getting a email every day from firebase saying that my app has insecure rules.
My app has the visible if its authenticated option so I dont know if there any problem with it or how can I set up any rule to fix it

Do you have a rule like this in place?

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
				allow read, write: if request.auth != null;
    }
  }
}

No it is like read, write, delete;
And that’s it

Write a command like this (adding your delete if you want) and your rules will be secured.
But then make sure you have the proper firebase auth in place in your app.

Yeah I already used it but inside the app It doesn’t allow to click the post button so firebase cant get record data to the database
-For example:
It allows to write the whole information for the post but when clicking post button it keeps static and do nothing using the rule you told me thats why I used the another rule but firebase keeps saying it’s insecure
I´m already using firebase auth in appgyver
May you know if I can use another rule? Or how can I fix the rule you told me?

1 Like

Anyone can read it. (allow read: if true)
Change the settings so that only logged-in users can create posts.

service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if true
allow create, write, update, delete : if request.auth != null;
}

I didn’t use create, I’m going to add it and try.
Thank you!

Hi
I already used it

  • It lets me write and everything but Id doesnt allow me to click in the post button again I´m using exactly the rules you said
  1. Create a membership page.
    id : email
    password :

  2. Connect “Firebase Authentication” to the membership button.

https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=” + Your.apikey

  1. Create a login page.
    id: email
    password :

  2. User Login

  3. After logging in, create a button to register the remaining personal information (name).
    Users can also register posts.

You can simply use “allow write: if true”, but a security alert notification appears.

Yes thats exactly what I did but I don’t know why these rules don’t work for my app

Do not go to the main page with the Go Back icon after completing the profile and use the “Open Page”.

Button - Delay 2 Seconds - Open Page (Main Page)