0
votes

Database Rules for Documents Created with HTTP Cloud Function

The attached image shows two things:

  1. Screenshot of Firestore database collection with one document that was created via http cloud function

  2. Screenshot of Firestore 2.0 rules.

Rule: The rule `allow create: if request.resource.data.replyTo == "hello";` was written to prevent any document from being created unless 'replyTo' == "hello".

Question: Why was the document allowed to be created when 'replyTo' == '[email protected]'?

Screenshot of Two Things: Database Collection and Document, and Database Rules

1
Firebase security rules only apply to the client-side SDKs. They do not apply to operations in the console, or to operations that use the Admin SDK. How did you create the document? – Frank van Puffelen
Document was created by an HTTP cloud function. – LoveYouFyi

1 Answer

6
votes

Cloud Firestore Security Rules are only for the Android, iOS, and Web client libraries, not for server-side code (Cloud Functions using the Firebase Admin SDK).

See https://firebase.google.com/docs/firestore/security/overview

For mobile and web client libraries, use Firebase Authentication and Cloud Firestore Security Rules to handle serverless authentication, authorization, and data validation. Learn how to secure your data for the Android, iOS, and Web client libraries with Cloud Firestore Security Rules.
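
Because the function writes through the Admin SDK, a condition like the question's rule has to be enforced inside the function itself. The following is an added example, not code from the original post or from Firebase; the collection name `messages`, the helper names and the injected `db` parameter are assumptions.

```javascript
// Added example: enforce the rule's condition in the HTTP function,
// since Admin SDK writes are not evaluated against Security Rules.

// Server-side equivalent of:
//   allow create: if request.resource.data.replyTo == "hello";
function validateCreate(data) {
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  if (data.replyTo !== 'hello') {
    return { ok: false, error: 'replyTo must equal "hello"' };
  }
  return { ok: true };
}

// Builds an Express-style (req, res) handler, the shape an HTTP function
// receives. `db` is any object exposing collection(name).add(data), which
// admin.firestore() does. The collection name "messages" is hypothetical.
function makeCreateHandler(db) {
  return async (req, res) => {
    if (req.method !== 'POST') {
      return res.status(405).send('Method Not Allowed');
    }
    const check = validateCreate(req.body);
    if (!check.ok) {
      // Reject before touching the database: nothing is written.
      return res.status(400).json({ error: check.error });
    }
    const ref = await db.collection('messages').add(req.body);
    return res.status(201).json({ id: ref.id });
  };
}

// In a deployed function (not executed here):
//   exports.createMessage =
//     functions.https.onRequest(makeCreateHandler(admin.firestore()));
```

Security Rules still govern what client SDKs can do to the same collection, so the two checks complement each other.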