Security Rules

Let's add security rules to authenticate data writes and establish persistent data.

Security rules for your web application

As mentioned in the “Write data” lesson earlier, we never authenticated in order to persist data. When we initialized the Firebase CLI a while ago, a default security rules file was created that grants read/write permissions to anyone. It’s time to fix this.

The file is located at services/web/firebase/firestore.rules.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /posts/{post} {
      allow read;
      allow write: if request.auth.uid != null;
    }
  }
}

Get hands-on with 1200+ tech skills courses.