是否可以确定传入请求的来源? [英] Is it possible to determine the source of an incoming request?

问题描述

是否可以知道向云Firestore文档传入请求的源的主机名?我想编写一个格式为allow write: if request.resource.data.source_host_name == some_predefined_value的数据库规则.这是一个Web应用程序，因此我试图找到一种很好的方法来限制谁不使用传统的auth方法就可以写入我的数据库.

解决方案

Cloud Firestore无法实现这种规则.它也不是很安全，因为可以欺骗源IP地址.

如果要限制谁可以访问数据库，则唯一受支持的机制是通过安全规则和Firebase身份验证.

Is it possible to know the hostname of the source of an incoming request to a cloud firestore document? I would like to write a database rule of the form allow write: if request.resource.data.source_host_name == some_predefined_value. This is a web application so I'm trying to find a good way to limit who gets to write to my database without using traditional auth methods.

解决方案

That sort of rule is not possible with Cloud Firestore. It also wouldn't be very secure, as it's possible to spoof source IP addresses.

If you want to limit who can access your database, the only supported mechanism is through security rules and Firebase Authentication.

这篇关于是否可以确定传入请求的来源?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！