针对特定域的Firebase安全规则 [英] Firebase Security Rules for domain specific
问题描述
我正在构建使用Fiberbase存储的应用程序,我不希望用户登录或注册,仅允许他们仅通过我的网站上传文件.
I am building the application which uses the Fiberbase Storage, I do not want the user to log in or signup, just allow them to upload files through my website only.
我不希望其他人复制Firebase配置密钥并在他们的网站中使用这些文件在我的Firebase帐户上上传文件,因此,我想设置一些规则,这些规则会限制对特定域的访问
I don't want others to copy the Firebase config key and use in their website to upload a file on my firebase account, so I want to set up some rules which will restrict access over the certain domain
推荐答案
在Cloud Storage的Firebase安全规则中,无法检查上传的域.您将不得不使用另一种方法来确保只有授权用户才能上传数据.
There is no way to check for the domain that uploads come from in the Firebase security rules for Cloud Storage. You will have to use another approach to ensure only authorized users can upload data.
如果应用程序必须要求来自某个域,则必须设置一个中间服务器(或Cloud Function)以接收上载,并验证该服务器来自您所需的域,然后将文件放入存储桶中.
If the requirement for it to come from a certain domain is a must for your app, you'll have to set up an intermediary server (or Cloud Function) that receives the upload, validate that it comes from the domain you require, and then puts the file in the storage bucket.
这篇关于针对特定域的Firebase安全规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
