Firestore安全规则中是否可以在使用会话Cookie进行授权时使用request.auth?

huangapple go评论74阅读模式
英文:

Is it possible to use request.auth in firestore security rules when using a session cookie for authorization?

问题

This uses request.auth to check if the requesting user is authenticated. However, this rule fails when I use a sessionCookie for authorization, as described here.

Is it impossible to use request.auth when using a session cookie? Perhaps that's what's meant by

For security reasons, Firebase session cookies cannot be used with other Firebase services due to their custom validity period, which can be set to the maximum duration of 2 weeks.

英文:

Consider the following Firestore Security rules

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

This uses request.auth to check if the requesting user is authenticated. However, this rule fails when I use a sessionCookie for authorization, as described here.

Is it impossible to use request.auth when using a session cookie? Perhaps that's what's meant by

> For security reasons, Firebase session cookies cannot be used with other Firebase services due to their custom validity period, which can be set to the maximum duration of 2 weeks.

答案1

得分: 1

"使用会话cookie时使用request.auth是否不可能?\n\n是的,不可能。 会话cookie是在前端和后端之间传递数据的一种方式,而不是在前端和Firebase后端之间传递数据的方式。 Firebase SDK处理将身份验证令牌传输到Firebase服务的实现。"

英文:

> Is it impossible to use request.auth when using a session cookie?

It is impossible. Session cookies are a way for passing data between your frontend and your backend, not between your frontend and Firebase backends. The Firebase SDKs handle the implementation of transfer of auth tokens to Firebase services.

huangapple
  • 本文由 发表于 2023年6月26日 22:44:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/76557756.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定