What is Firebase's cross-domain policy?


Problem description

How does Firebase handle cross origin issues, and what are the underlying security concerns and how are they handled?

Solution

Ways to Connect

There are multiple ways to communicate with the Firebase servers, and these include:

  • Firebase Client - One of the officially-supported client libraries, currently including JavaScript (both for Web and Node.js), ObjC (iOS and Mac OS-X), and JVM (Android and Java).
  • REST API - Accessible via https://<your-firebase>.firebaseio.com.

CORS Policy

Firebase uses a fully-permissive cross-origin resource sharing (CORS) policy, meaning that you can make requests to the Firebase servers from any origin. This is possible because Firebase does not use cookies or traditional sessions to govern which requests are authorized and which are not.

Cross-Domain Policy File (Flash)

Similarly, Firebase uses a fully-permissive cross-domain policy file, requiring only that requests be made over SSL. See the policy file at https://demo.firebaseio-demo.com/crossdomain.xml.

Security Overview

Firebase relies upon a flexible authentication system and expression-based rules language to govern which requests are authorized and which are not.

In order for a request to be authorized, the request must include a Firebase Authentication Token, which is a way of securely sharing data between your server (or authentication provider, if using Firebase Simple Login), and the operation (and corresponding data) must pass the developer-defined security rules.

Firebase is accessible from anywhere via the client libraries or REST API, and enables you to build a fully-secure application using only client-side code. Get started with Firebase authentication by heading to the Quickstart Guide.
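
The following is an added illustration, not part of the original answer and not Firebase code. It models the reasoning in the CORS Policy section: a browser attaches cookies to a request automatically, while a token is only sent by a page that holds it. The origins, credential values and function names are all constructed for the example.

```javascript
// Constructed model of a browser and two authorization schemes.
// All origins and credential values below are hypothetical.
const API_ORIGIN = "https://api.example";      // service with permissive CORS
const APP_ORIGIN = "https://app.example";      // the developer's own page
const OTHER_ORIGIN = "https://other.example";  // unrelated third-party page

const SESSION_COOKIE = "sid=alice-session";    // constructed sample cookie
const AUTH_TOKEN = "token-for-alice";          // constructed sample token

// The cookie jar is keyed by the destination of the request, so cookies are
// ambient: they go out no matter which page triggered the request. Tokens
// kept in page storage are keyed by the page's own origin, so only that
// page's script can read and attach them.
function buildRequest(pageOrigin, browser) {
  const headers = { Origin: pageOrigin };
  const cookie = browser.cookieJar[API_ORIGIN];
  if (cookie) headers.Cookie = cookie;
  const token = browser.pageStorage[pageOrigin];
  if (token) headers.Authorization = `Bearer ${token}`;
  return headers;
}

// Scheme 1: the server trusts the session cookie.
function cookieAuthorizes(headers) {
  return headers.Cookie === SESSION_COOKIE;
}

// Scheme 2: the server trusts only an explicitly supplied token.
function tokenAuthorizes(headers) {
  return headers.Authorization === `Bearer ${AUTH_TOKEN}`;
}

// Send the same request from both pages and record which scheme accepts it.
function simulate() {
  const browser = {
    cookieJar: { [API_ORIGIN]: SESSION_COOKIE },
    pageStorage: { [APP_ORIGIN]: AUTH_TOKEN },
  };
  const results = {};
  for (const page of [APP_ORIGIN, OTHER_ORIGIN]) {
    const headers = buildRequest(page, browser);
    results[page] = {
      cookieScheme: cookieAuthorizes(headers),
      tokenScheme: tokenAuthorizes(headers),
    };
  }
  return results;
}

console.log(simulate());
```

Under the token scheme the request from the unrelated page arrives without credentials, so whether it succeeds depends only on the developer-defined security rules.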
