I have connected this app with my firebase console. I am trying to upload videos from the app to firebase storage so that another app connect to same console (which has authentication) can display it
I am getting this error when I upload:
W/System (10365): Ignoring header X-Firebase-Locale because its value was null.
I went through this question(W/System: Ignoring header X-Firebase-Locale because its value was null) on stack overflow but I am unable to remove the authentication requirement still
My firebase storage rules are:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if
true;
}
}
}
I don't understand why I am still unable to upload without authentication.(App is connected to internet too and has permission)
Related
In Firebase, whenever I try to write to Firestore I'm getting permission errors in flutter. So I wanted to ask what signatures are you supposed to put in the settings? I'm currently using the services Firestore, Auth, and AppCheck.
I have 6 signatures in my settings:
SHA-1, SHA-256: debug.keystore
SHA-1, SHA-256: upload-keystore (is this needed?)
SHA-1, SHA-256: App signing key certificate from google console
The reason why I think it has something to do with the signatures is because I'm able to write to Firestore when I'm using AndroidProvider.debug in AppCheck. But when I make my release version using AndroidProvider.playIntegrity Firestore denies me.
Error:
E/flutter (25396): [ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: [cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.
Firestore rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if isDev();
}
function isAuth() {
return request.auth != null;
}
function isDev() {
let datalist = ['myemail#foo.com'];
return isAuth() && request.auth.token.email in datalist;
}
}
}
I'm using IntelliJ.
You should use the SHA-256 certificate fingerprint that you can find in App integrity > App signing key certificate on the Google Play Console.
I stumbled upon the same issue today, and this is my current working setup. Hope this helps!
Okay long story short, I found out the phone I was testing API 28 on had been previously rooted. The original ROM had eventually been reinstalled but I guess it still qualifies as being rooted according to AppCheck.
I have an image link that I want to protect for only authorize users but the issue whenever I try to get the link I can see the picture, even if I specify the rule for it ?
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /profiles/{userId}/{image} {
// Read from storage !!
allow get : if request.auth != null // Authorized users only
}
}
}
If you're referring to download URLs, those are not at all controlled by security rules or any form of authentication. Anyone who has the link can view the content. That behavior can't be changed.
i'll publish my app on Google Play Store but in test phases (Alpha Version), i was using this rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone on the internet to view, edit, and delete
// all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// your app will lose access to your Firestore database
match /{document=**} {
// allow read, write: if request.time < timestamp.date(2020, 3, 25);
allow read, write: if request.auth.uid != null;
}
}
}
But, when the app must be published to public i can't know the best path or the best rules that my app must have.
My app have a login screen and after login screen each user have your respectives documents and collections in your document generated from sign up.
I can't got think on a form to protect my app of invasors.
I built a small iOS application which uses Realm instead of CoreData. The app does not require a login as it only stores data entered by the user. I'm currently trying to save users data so that if a user deleted the app for example, the data will be there by default the next the app is re-installed.
Here's where I am getting confused. Can I still use Realm Mobile Platform even though the app will not require a login screen. (i.e. data will automatically be saved for users who are logged-in to their iCloud accounts).
Here's what I've done so far:
I configured Realm Object Server on an AWS EC2 instance, and I can login to the realm dashboard through the browser just fine.
I configured the cloudKit stanza in the configuration.yml file as per the authentication instructions.
In my setupRealm() func, I tried the following code but I keep getting a parameters validation error:
SyncUser.logIn(with: cloudKitCredentials,
server: serverURL) { user, error in
if let user = user {
print("in")
}
else if let error = error {
fatalError(String(describing: error))
// Error: "Your request parameters did not validate."
}
This is the error message:
Error Domain=io.realm.sync Code=3
"Your request parameters did not validate."
UserInfo={statusCode=400,
NSLocalizedDescription=Your request parameters did not validate.}:
I suspect that the my iCloud user is not being tied with the object server, but I can't seem to put the pieces together. I'd appreciate any pointers.
The server requires a restart after editing the authentication lines in the configuration.yml.
I try to upload images to firebase, but i always receive this exceptionenter image description here
By default, Firebase Storage buckets require Firebase Authentication to upload files. You can change your Firebase Storage Security Rules to allow unauthenticated access.
Something like:
service firebase.storage {
match /b/<your-firbase-storage-bucket>/o {
match /{allPaths=**} {
allow read, write;
}
}
}
Will get you up and running ASAP