Firebase规则:仅允许特定URL? [英] Firebase Rules: Allow only Specific URL?
问题描述
我有一个firebase实时数据库.
我有一个喜欢"的我的网站的按钮应用.
但是我的数据库并不安全,因为每个人都可以写入我的数据库.
我想要的是:仅允许从我的网站接收数据.并阻止来自其他网站的邮件"
I have a firebase realtime database.
And i have a "like" button app for my website.
But my database is not safe, because everyone can write to my database.
I want is: "allow only incoming data from my website. And block incoming from other sites"
例如:
{
"rules": {
".read": true,
".write": allow only incoming data from "www.example.com" and block incoming from other sites
}
}
我该怎么做?
或者如何在Firebase控制台上设置此规则?
How can I do this?
Or how can I set this rule on Firebase console?
推荐答案
如果我正确理解您要执行的操作,我相信您可以使用与Firebase帐户关联的服务帐户来执行此操作.您可以手动创建白名单URL允许使用您的API密钥.诀窍是可以在Google Cloud Platform中找到它,而不是在Firebase Console中找到它.但是,Firebase控制台中有一个漂亮的链接,可将您带到所需的位置.
If I understand correctly what you are trying to do, I believe you can do it with the service account linked with your Firebase account. You can manually create a whitelist of URL's allowed to use your API key. The trick is that it is found in the Google Cloud Platform, not the Firebase Console. However, there is a nifty link in Firebase Console that will take you to where you need to be.
(此外,要去的地方的直接链接是 https://console.cloud.google.com/apis/credentials ,但请确保您已登录在下面第二步的用户和权限"标签上列出的所有者"或编辑者"帐户.)
(Also, the direct link of where to go is https://console.cloud.google.com/apis/credentials but make sure you are logged into an "Owner" or "Editor" account listed on the "Users and permissions" tab found at step two below.)
以下是步骤:
-
登录到Firebase控制台,然后转到项目概述"旁边的齿轮图标.在Firebase控制台的左上方.
Log into your Firebase Console and go to the gear icon next to "project overview" in the top left of the Firebase console.
然后导航到用户和权限"标签
Then navigate to the "Users and permissions" tab
然后点击屏幕上主表下方的蓝色小链接,上面显示高级权限设置".
Then click the small blue link underneath the main table on the screen that says "Advanced permission settings".
它应该带您到Google Cloud Console.(确保您已登录到您刚刚从Firebase控制台查看的用户和权限"标签上列出的所有者"或编辑者"帐户.)点击Google Cloud左上方的菜单控制台,然后转到"API&服务"
It should take you to Google Cloud Console. (Make sure you are logged into an "Owner" or "Editor" account listed on the "Users and permissions" tab you were just looking at from the Firebase Console.) Click the menu in the top left of the Google Cloud Console, and go to "APIs & Services"
然后单击子菜单项凭据"
Then the click sub-menu item "credentials"
单击要限制的所需API密钥.
Click the desired API key you want to restrict.
并通过单击单选按钮"HTTP Referers"来设置要允许访问的网站.在应用程序限制"下,添加一个项目,输入网址,然后点击完成以保存更改.
And set the websites you want to allow access by clicking the radio button "HTTP Referers" under "Application Restrictions", adding an item, entering the web address, and hitting done to save the changes.
这篇关于Firebase规则:仅允许特定URL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
