What is Firebase's cross-domain policy?

Posted by 萝らか妹 on 2019-12-12 07:45:48

Question


How does Firebase handle cross origin issues, and what are the underlying security concerns and how are they handled?


Answer 1:


Ways to Connect

There are multiple ways to communicate with the Firebase servers, and these include:

  • Firebase Client - One of the officially-supported client libraries, currently including JavaScript (both for Web and Node.js), ObjC (iOS and Mac OS-X), and JVM (Android and Java).
  • REST API - Accessible via https://<your-firebase>.firebaseio.com.

CORS Policy

Firebase uses a fully-permissive cross-origin resource sharing (CORS) policy, meaning that you can make requests to the Firebase servers from any origin. This is possible because Firebase does not use cookies or traditional sessions to govern which requests are authorized and which are not.

Cross-Domain Policy File (Flash)

Similarly, Firebase uses a fully-permissive cross-domain policy file, requiring only that requests be made over SSL. See the policy file at https://demo.firebaseio-demo.com/crossdomain.xml.

Security Overview

Firebase relies upon a flexible authentication system and expression-based rules language to govern which requests are authorized and which are not.

In order for a request to be authorized, the request must include a Firebase Authentication Token, which is a way of securely sharing data between your server (or authentication provider, if using Firebase Simple Login), and the operation (and corresponding data) must pass the developer-defined security rules.

Firebase is accessible from anywhere via the client libraries or REST API, and enables you to build a fully-secure application using only client-side code. Get started with Firebase authentication by heading to the Quickstart Guide.



Source: https://stackoverflow.com/questions/19486655/what-is-firebases-cross-domain-policy
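
An added example (not part of the original answer and not Firebase's code): a small JavaScript model of why a wildcard CORS policy is workable when authorization rests on an explicitly sent token and security rules instead of cookies. The token table, paths, origins, status codes and the rule are constructed assumptions.

```javascript
// Simplified model of the design in the answer; not Firebase's server code.
// Token table, paths, origins and the rule are constructed for illustration.
const TOKENS = new Map([["tok-alice", { uid: "alice" }]]); // stand-in for verified auth tokens
const DATA = new Map([["/users/alice/profile", "alice-profile"]]);

// Developer-defined rule (hypothetical): users read only their own subtree.
const ruleAllowsRead = (auth, path) =>
  auth !== null && path.startsWith(`/users/${auth.uid}/`);

// Server side: every origin gets the same permissive CORS header, and
// authorization depends only on the token the caller sent explicitly.
function handle(req) {
  const headers = { "Access-Control-Allow-Origin": "*" };
  // req.cookies is never read: ambient credentials carry no authority here.
  const auth = TOKENS.get(req.token) ?? null;
  if (!ruleAllowsRead(auth, req.path) || !DATA.has(req.path)) {
    return { status: 401, headers, body: null };
  }
  return { status: 200, headers, body: DATA.get(req.path) };
}

// Browser side: the CORS check from the Fetch standard, reduced to the
// two headers that matter. "*" never satisfies a credentialed request.
function browserExposes(res, pageOrigin, credentialsMode) {
  const acao = res.headers["Access-Control-Allow-Origin"];
  if (credentialsMode === "include") {
    return acao === pageOrigin &&
      res.headers["Access-Control-Allow-Credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// What a script running on pageOrigin ends up with after a cross-origin read.
function crossOriginRead(pageOrigin, { path, token, credentialsMode = "same-origin", cookies = {} }) {
  const sendCookies = credentialsMode === "include";
  const res = handle({ path, token, cookies: sendCookies ? cookies : {} });
  if (!browserExposes(res, pageOrigin, credentialsMode)) {
    return { status: 0, body: null }; // response hidden from the script
  }
  return { status: res.status, body: res.body };
}
```

A page on any origin that holds a valid token reads what the rule allows; a page that holds none gets a denial, and a credentialed request is additionally hidden by the browser because of the wildcard header.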
