firebase firebase-authentication google-cloud-firestore firebase-security

How to set firebase rules so that cloud firestore can only be accessed from web-app?

I am running a simple single page web app via firebase with which you can request information from cloud firestore.

Those are my security rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read ;
    }
  }
}

Problem With these rules, anyone who knows the link of my database can of course access the databse.

Question Is there any way to change these rules, so that you can only access the database through my web-app (with anonymous login)? Thanks.

Solution

What you're trying to do is not possible at all, even with security rules. You can control who can access what with security rules, but it's not possible to control where they're coming from, or the context of the request.

Framework 'FirebaseFirestoreInternal' not found after installing @react-native-firebase/firestore?
Sending data with push notification to Android with PHP
Firebase doesn't return data after applying orderBy function
Firebase Firestore getting data from a nested collection in jetpack compose
How to upload dsyms files which developed with Flutter?
Same package name for iOS and Android apps in Firebase
`firebase deploy` error "Project has no namespace"
Where can in install the Firebase App Tester app?
Send push notification to Android device with PHP
Firebase Realtime Database Requests Timing Out on Vercel Deployment But Working Locally
Database structure when creating a map app
Notion API - Notion database model is also a block?
Android - Firebase realtime database not updating when app in background
Firebase token error TOO_MANY_REGISTRATIONS
How can I add a "I accept the terms & privacy policy" checkbox to Google Firebase Authentication UI?
Flutter MacOS : Additional implementation for sign in with google
Billing for a Firebase Storage rule that access Firestore
How to avoid Blur image capture in firebase ML Kit’s Face Detection API
Firebase error with CORS when running on localhost
Using one signal for two observables that resolve at different times in Angular
How To Use Event Arc Locally For Cloud Run?
"Firebase Hosting Setup Complete" after deploy
Genkit using retriever context and tools causes error
Detect whether firebase app is hosted by emulator or in production
API key not found. Check that com.google.android.geo.API_KEY Error in expo development build
Firebase error: Function failed on loading user code (node.js)
Algolia Search Firebase Extension not tracking firestore database collection after install
CLIENT_ID missing from GoogleService-Info.plist with Firebase on IOS in a flutter app
Firebase emulator does not show firestore collections/documents added from angular app
Is ValueEventListener keep listening if the reference it was listening to is being removed?