Search code examples
firebase-realtime-databasefirebase-security

Firebase your realtime database has insecure rules warning


I have a website that uses Firebase Realtime Database. It usually sends me e-mail about insecure rules warning. I searched about this here and Firebase Documantation, but when I write other rules, it gives me such error:

Error saving rules - Line 10: String can't contain ".", "#", "$", "/", "[", or "]"

{
  // Allow anyone to read data, but only authenticated content owners can
  // make changes to their data

  "rules": {
    "some_path/${uid}": {
      ".read": true,
      // or ".read": "auth.uid != null" for only authenticated users
      ".write": "request.auth.uid == uid"
    } SHOWS ME ERROR IS HERE.
  } 
}

I am using this rules for now:

{
  "rules": {
    ".read": true,
      ".write": false
  }
}

enter image description here

here is one picture that I try one of other rules called Mixed public and private access.

I will be very glad if anyone can help me.


Solution

  • The syntax does not seem correct to refer to a child resource, check below syntax to achieve the desired effect

    {
      "rules": {
        "some_path": {
          "$uid": {
            ".write": "$uid === auth.uid"
          }
        }
      }
    }
    
    

    https://firebase.google.com/docs/database/security