Is there any way to check and accept only specific domains that can access the firestore in security rules? My app doesn't have any authentication, so I don't have any other way to secure the firestore.
Asked
Active
Viewed 181 times
0
-
It's not possible, domain of origin is easily spoofed - there is no real security in that. – Doug Stevenson Apr 07 '21 at 21:31
-
Then is it possible to get rid of the "your firestore security rules are insecure" email? That's all I'm trying to do, but I don't have any other way to secure it – MicasiO Apr 07 '21 at 21:34
-
Without seeing what you have now, we don't know what the problem is that it's complaining about. – Doug Stevenson Apr 07 '21 at 21:50