firebase-security-rules

I have to send value with request to check it from Firestore rules , like (Recaptcha to avoid spam) or origin (protect my own firebase api) ! is there any way to do that ? There is no way to pass custom parameters into the Firestore rules. The most common workaround is to pass information as part of the path, although it's definitely kludgy at times. The best approach for preventing spam is to require your users to log in, and then limit what they can do based on knowing who they are, and knowing what they've done in the past. For example, most apps limit the places users can write to based on

I am getting an error when deploying rules using the deploy command in CI firebase deploy --only firestore:rules --non-interactive Output: i deploying firestore i firestore: checking firestore.rules for compilation errors... ✔ firestore: rules file firestore.rules compiled successfully i firestore: uploading rules firestore.rules... i firestore: quota exceeded error while uploading rules ? You have 2501 rules, do you want to delete the oldest 10 to free up space? (y/N) I can fix the problem temporarily by deleting the last 10 manually, but will hit the limit again soon. Is there an easier way

I'm fairly new to Cloud Firestore particularly security roles, but being that they're significantly important I'd rather start the new build of the project surrounding them. Now as a basic insight, I have a dashboard of which users have to sign in with their email addresses and passwords, of which then they can access data such as regional information. To start off with the security rules, I figured I'd start out simple, and yet as the title states I'm getting: Error: Missing or insufficient permissions I've looked at https://firebase.google.com/docs/firestore/solutions/role-based-access

Firestore doesn't work well with get inside a function I have this rule service cloud.firestore { match /databases/{database}/documents { function isProjectOpenForAssign() { return get(/databases/$(database)/documents/projects/$(anyProject)).data.canAssignTask == true; } match /projects/{anyProject} { allow create: if request.auth != null; match /tasks/{anyTask} { allow create: if request.auth != null && (isProjectOpenForAssign()); } } } } When running the simulator testing it I get: Error running simulation — Error: simulator.rules line [23], column [14]. Function not found error: Name: [get]

I want to give a user the right to update a document. But ONLY if the user updates one specific field of this document. All other fields shouldn't be changed by this user. Is this possible in firestore? I tried something like this: function isUpdateToOpenField(attr) { return attr == get(/databases/$(database)/documents/stores/$(store)).data.open; } allow update: if isUpdateToOpenField(request.resource.data); But I don't know how to compare if the update corresponds to the right field. Update: writeFields is no longer supported by Firestore and its functionality will eventually be removed. See

As for security rules of Firebase Realtime Database, both public and private data can exist in the same tree using such as the following rule. However, when using Firestore, it doesn't seem to enable us to do the same because the chuck of data we can retrieve is only under collection or document. When public and private data is defined in the same document and getting data w/ collection/document, we'd get error of insufficient permissions as for private data if we are not the owner. When using RTDB, we can get data of 'users/{userId}/publicInfo' because we don't have any idea of collection