Hi I am trying in src>index.js
`
import {initializeApp} from 'firebase/app'
`
I am learning from a video. When the man in the video wrote this code, he wrote that it is being calculated next to him in green, but it does not write to me. and I think that's why when I try to pull data from firebase database I get the following error in the console
index.html:1 Uncaught (in promise) FirebaseError: Missing or insufficient permissions.
Can anyone know the solution?
Your security rules do not allow anyone to read or write to your database. If you set your rule to true as shown below, it should allow you to write:
Sample:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /series/{document} {
allow read, write: if true;
}
}
}
To configure your Firestore Security Rules:
Firebase Console > Firestore Database > Rules (Tab) > Edit Rules > Deploy & Test
In this rule anyone can read or write to your series collection. I recommend reading about Firestore Security Rules to restrict access to authorized users only.
Thanks.
Your firebase firestore rules don't allow reads or write for the collection that you are trying to query from.
Goto Firebase console and modify the firestore rules
Docs: https://firebase.google.com/docs/firestore/security/get-started
Related
I'm trying to create a document in Firebase Firestore. I have manually added documents to it in the Web UI, but am unable to do it programmatically.
The following is a single HTML file, containing all the code, which is directly taken from the docs:
<!-- The core Firebase JS SDK is always required and must be listed first -->
<script src="https://www.gstatic.com/firebasejs/8.3.1/firebase-app.js"></script>
<script src="https://www.gstatic.com/firebasejs/8.3.1/firebase-firestore.js"></script>
<script>
// Your web app's Firebase configuration
var firebaseConfig = {
apiKey: "<REDACTED>",
authDomain: "<REDACTED>",
projectId: "<REDACTED>",
storageBucket: "<REDACTED>",
messagingSenderId: "<REDACTED>",
appId: "<REDACTED>"
};
// Initialize Firebase
firebase.initializeApp(firebaseConfig);
var db = firebase.firestore();
// example from the docs
db.collection("users").add({
first: "Ada",
last: "Lovelace",
born: 1815
})
.then((docRef) => {
console.log("Document written with ID: ", docRef.id);
})
.catch((error) => {
console.error("Error adding document: ", error);
});
</script>
I have redacted the config object, but it was copied directly from the Firebase config page (furthermore, I know the config is correct because in another app (not pictured), Firebase Auth works just fine).
Upon opening the above HTML page, I get the following error in the console:
Error adding document: FirebaseError: Missing or insufficient permissions.
My Firestore security rules are as follows. They should be completely open to all reads and writes:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write, update, delete, create: if true;
}
}
}
Despite the "Missing or Insufficient Permissions" error, when I go to the "Monitor Rules" tab of the Firestore Rules page, I don't see any stats for the denied requests, as if the rules didn't even get evaluated at all, despite me having ran at least 50 requests over the last 24 hours:
Running simulated Firestore requests in the Firestore Rules Playground succeeds every time as expected, whether the request is "authenticated" or not.
Please advise, I am at a loss for what else to try.
I have sidestepped solving this issue by simply creating a new project. I still don't know what was wrong. Please see the comments below my question for possible solutions.
I spoke with Google support and found you need the
firebaserules.system IAM role. Here is what I received:
Thank you for contacting Google Cloud Support. My name is Sakshi and I will be helping you with this issue.
I understand that you are getting the error [1] on the existing Google project and want to debug this error without creating a new project. Please correct me if I have misunderstood the issue.
Please note that the service account or user account you are using to authenticate Firebase project need to have ‘firebaserules.system’ role, If you don’t have this role your security rules will deny all the incoming requests. I will suggest you refer to the document [2] to know more about this in detail.
If your application is using the server client libraries or the REST or RPC APIs, please note that they bypass all Cloud Firestore security rules and instead authenticate through Google Application default credentials. Please follow this document [3] to know about Firebase security rules.
I hope the provided information is useful. Please let me know if you have any questions regarding this issue.
Regards,
Sakshi
Google Cloud Support
[1] Firebase Firestore "Missing or insufficient permissions"
[2] https://cloud.google.com/firestore/docs/security/iam#security_rule_dependency_on_iam
[3] https://firebase.google.com/docs/firestore/security/get-started
I am using firebase and am trying to make the storage publicly accessible. According to the firebase documentation I need to include the following code, which I added to the .js file which contains a function that sends user input to storage.
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write;
}
}
}
Based off others' problems I've tried:
adding ;-s
changing it to firebase.storage(code),
doing var storage ...
but none of these methods work.
I have my code for configuring firebase (apiKey, authDomain, databaseURL, projectID, and storageBucket) and also initialized the app.
This isn't code that you would put in a JS file, this is a firebase storage security rule. It is a configuration that you would configure in the console for your project (alternatively, you can deploy the rules via the CLI, but they are still not a direct part of your application code).
You should navigate to the rules tab and input the configuration there:
Of course, the rule you are suggesting here is very dangerous!
This rule will allow any user (including unauthenticated users!) to write as much as they want into your storage bucket -- effectively giving you the bill for their free storage. You should consider carefully if this is what you really want.
I am building a NodeJS Express app and am using Firebase as the backend. I am trying to secure my firebase backend, more specifically the firestore database with Firestore Security Rules. However, I cannot seem to get my security rules to trigger.
I have a route called /api/goalPRs/:goalPRId which updates a database ref with the body of the request by calling
const goalPRsRef = db.collection('goalProgressReports');
goalPRsRef.doc(goalPRId).update(newGoalPR).then(()=>({update: 'Success'}));
Now, each goalPR has a field called targetGoalId, which I want to be constant, I dont want that data to be editable. Hence I have tried to set up the following firestore security rule.
service cloud.firestore {
match /databases/{database}/documents {
match /goalProgressReports/{goalPR} {
allow update: if request.resource.data.targetGoalId == resource.data.targetGoalId;
}
}
}
With this security rule I expect that any update to a document within goalProgressReport collection should be denied if the old targetGoalId is not equal to the new one. However, this is not the case. I can provide a new targetGoalId and it incorrectly updates.
Also, even when I try something like this with the security rules:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false
}
}
}
I am still allowed to write to the database, even though from my understanding this rule shouldn't allow any reads or writes to the database. Is my understanding of how security rules work incorrect? How can I fix my goalProgressReport security rule to not allow updates if the targetGoalId has changed?
Since you're running on nodejs, that means you're using either the Cloud Firestore node SDK or the Firebase Admin SDK which wraps the Cloud SDK. In this case, security rules don't apply. They only apply to access coming directly from web and mobile applications, and not from the server SDKs. The server SDKs always bypass all security rules, because it's coming from a privileged service account.
Does anyone know whether there is a way to properly check for errors in the initial connection with the Firebase database? This is my example code
const database = firebase
.initializeApp({ databaseURL: FIREBASE_URL })
.database();
and in order to test that my error handling was correct I tried deleting a character from the URL, but this just prints the following to the console:
FIREBASE WARNING: Firebase error. Please ensure that you spelled the name of your Firebase correctly (FIREBASE_URL)
I looked thoroughly through the documentation, the most relevant page I could find is this one, but even trying to use the enableLogging method and trying to regex whether it's a warning / error seems too flimsy because the above warning isn't even part of that logging.
If there was even just an attribute I could access to check whether the database is online that'd be great, or at best an error callback or something of the like.
Thank you for your time!
I am putting files in Firebase Storage, and (using cloud functions) store the objectMetaData.selflink in the database. I am trying to load a file using that link, but get a 401 stating that:
Anonymous users does not have storage.objects.get access to filename]
But since i am logged in (there is a currentUser on the auth() instance), i am confused what i am doing wrong here. Should i be sending some kind of token with my request?
I have not changed the initial ruleset for storage:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Also, maybe related but maybe not: since this example uses another approach, what is the difference between selfLink and getDownloadURL?
EDIT:
I finally got it working by using firebase.storage().ref(somePath). I also tried firebase.storage().refFromURL(selfLink).getDownloadURL() but that gave the error of supplying an invalid link to refFromURL. Then the question remains: what exactly is the selfLink?
Documentation states that the selfLink is the link to access the object, assuming you have sufficient permissions. It is not the download URL
Docs