Firebase Security Rules Block Writing to Firebase

后端 未结 2 1289
一整个雨季
一整个雨季 2021-01-24 10:53

Note: This question is tagged polymer because the Polymer library is used to generate the Javascript.

This question is about two different

2条回答
  •  执笔经年
    2021-01-24 11:52

    Problem 1

    You're using the Polymer firebase-auth element to authenticate with Firebase.

    Under the hood this calls the Firebase.authAnonymously() method, which authenticates the current session in the Firebase JavaScript SDK.

    You're writing to Firebase using:

    computeFbTargetJson: function(f) {
        return f + '.json';
    }
    

    and

    this.set('$.ajax.url'  , this.fbTargetJson);
    this.set('$.ajax.body' , JSON.stringify({
        jquux: 'jbaz'
       }));
    this.$.ajax.generateRequest();
    

    This is doing an AJAX request to Firebase, which means that you're using Firebase's REST API. But since this is a regular HTTP call, it will not "inherit" then authentication from the Firebase JavaScript client.

    To authenticate your REST request, you will need to pass in an auth parameter as documented in the Firebase documentation. You can get the token from the Firebase reference using ref.getAuth().token.

    Problem 2

    Each element in your Firebase database is accessibly by a unique URL. You can either access it with one of the Firebase SDKs or by directly accessing the REST API that Firebase exposes.

    From what I can gather from the jsbin, you're writing to Firebase using:

    computeFbTargetJson: function(f) {
        return f + '.json';
    }
    

    and

    this.set('$.ajax.url'  , this.fbTargetJson);
    this.set('$.ajax.body' , JSON.stringify({
        jquux: 'jbaz'
       }));
    this.$.ajax.generateRequest();
    

    This is doing an AJAX request to Firebase, which means that you're using Firebase's REST API. The first paragraph of that API documentation explains how Firebase database URLs map to the REST API:

    We can use any Firebase app URL as a REST endpoint. All we need to do is append .json to the end of the URL and send a request from our favorite HTTPS client.

    So in order to access any data in Firebase using the REST API, you append .json to the URL of that data.

    When you're using the Firebase Simulator, the operation is similar to using Firebase's JavaScript SDK. In that case, you should not put the .json suffix at the end of the URL.

    So given a Firebase database at https://mine.firebaseio.com/, say you have a user profile at /users/de01fc8104.

    • You can access that record in the simulator or with a Firebase SDK as https://mine.firebaseio.com/users/de01fc8104
    • To access the record using the REST API, the URL is https://mine.firebaseio.com/users/de01fc8104.json

    Summary

    Both of your problems are caused by the fact that you're using two different ways of accessing Firebase: the JavaScript SDK and the REST API. While these two methods can be used together, you will have to ensure you provide the information that is needed. In general you will have an easier experience if you stick to using one way of accessing Firebase from a single client.

提交回复
热议问题