I'm trying to avoid people spoofing my web app in order to gain access to the Firebase backend, specifically the Firestore databases. The logic of the app and the rules I'd have to implement would result in a much higher usage than if I could just restrict access to the domain that the website is hosted on. Is there a way to only allow access to a specific domain?
1 Answer
I think you are looking for Firebase App Check.
App Check helps protect your backend resources from abuse, such as billing fraud and phishing. It works with both Firebase services and your own backends to keep your resources safe.
With App Check, devices running your app will use an app or device attestation provider that attests to one or both of the following:
- Requests originate from your authentic app
- Requests originate from an authentic, untampered device

Renaud Tarnec
App Check is not available for Firestore yet. Stay tuned to updates on that though. :) – Frank van Puffelen Oct 24 '21 at 14:52
I'm not looking to "stay tuned", I'm looking to resolve this security issue and put out an app. – Eight Rice Oct 24 '21 at 16:02
@FrankvanPuffelen Thanks for the heads up Frank, I was too fast! :-) – Renaud Tarnec Oct 25 '21 at 13:30