Firebase Security Rules Block Writing to Firebase
Note: This question is tagged polymer because the Polymer library is used to generate the Javascript.
This question is about two different
-
@FrankvanPuffelen's answer in Polymer-speak translates into:
Use the <firebase-collection> element's .add() method to write data to Firebase from the client while under security rule enforcement. It's more efficient from a code standpoint as
firebase-collectionhandles all the necessary auth tokens for you automatically.讨论(0) -
Problem 1
You're using the Polymer
firebase-authelement to authenticate with Firebase.<firebase-auth id="firebaseLogin" user="{{user}}" ...Under the hood this calls the Firebase.authAnonymously() method, which authenticates the current session in the Firebase JavaScript SDK.
You're writing to Firebase using:
computeFbTargetJson: function(f) { return f + '.json'; }and
this.set('$.ajax.url' , this.fbTargetJson); this.set('$.ajax.body' , JSON.stringify({ jquux: 'jbaz' })); this.$.ajax.generateRequest();This is doing an AJAX request to Firebase, which means that you're using Firebase's REST API. But since this is a regular HTTP call, it will not "inherit" then authentication from the Firebase JavaScript client.
To authenticate your REST request, you will need to pass in an auth parameter as documented in the Firebase documentation. You can get the token from the Firebase reference using
ref.getAuth().token.Problem 2
Each element in your Firebase database is accessibly by a unique URL. You can either access it with one of the Firebase SDKs or by directly accessing the REST API that Firebase exposes.
From what I can gather from the jsbin, you're writing to Firebase using:
computeFbTargetJson: function(f) { return f + '.json'; }and
this.set('$.ajax.url' , this.fbTargetJson); this.set('$.ajax.body' , JSON.stringify({ jquux: 'jbaz' })); this.$.ajax.generateRequest();This is doing an AJAX request to Firebase, which means that you're using Firebase's REST API. The first paragraph of that API documentation explains how Firebase database URLs map to the REST API:
We can use any Firebase app URL as a REST endpoint. All we need to do is append .json to the end of the URL and send a request from our favorite HTTPS client.
So in order to access any data in Firebase using the REST API, you append
.jsonto the URL of that data.When you're using the Firebase Simulator, the operation is similar to using Firebase's JavaScript SDK. In that case, you should not put the
.jsonsuffix at the end of the URL.So given a Firebase database at
https://mine.firebaseio.com/, say you have a user profile at/users/de01fc8104.- You can access that record in the simulator or with a Firebase SDK as
https://mine.firebaseio.com/users/de01fc8104 - To access the record using the REST API, the URL is
https://mine.firebaseio.com/users/de01fc8104.json
Summary
Both of your problems are caused by the fact that you're using two different ways of accessing Firebase: the JavaScript SDK and the REST API. While these two methods can be used together, you will have to ensure you provide the information that is needed. In general you will have an easier experience if you stick to using one way of accessing Firebase from a single client.
讨论(0) - You can access that record in the simulator or with a Firebase SDK as
加载中...
- 热议问题