当前位置: 文江博客话题详情

“FirebaseError:“获取”为 false; @L5”在快照上使用时发生 firebase 错误,或使用 firebase 模拟器时获取文档

发布于 2025-01-10 09:24:57 字数 1469 浏览 1 评论 0原文

原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

疑心病 2025-01-17 09:24:57

错误消息“FirebaseError : false for 'get'@L5”表示安全规则拒绝安全规则第 5 行的请求。如果您按照如下方式制定了规则,

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /{document=**} {
     allow read, write: if false;
   }
 }
}

则第 5 行会出现错误,因为您不允许任何人进行读写访问。
要解决这个问题,您可以将 firestore 规则更改为 :

match /{document=**} { allow read: if true; allow write: if true; }

但这允许将读取和写入操作的规则设置为 true,这意味着您允许任何知道您的项目 ID 的人读取和写入您的数据库,这显然是不好,因为恶意用户可以利用它。确实,您可以在短时间内使用这些设置进行测试,但绝不能在生产环境中使用。

因此,还有另一种选择,您可以将对数据库的访问限制在固定的时间内。今天是 2021 年 3 月 1 日,我们将访问限制为一天:

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /{document=**} {
     allow read, write: if request.time < timestamp.date(2021, 3, 2);
   }
 }
}

安全规则中最重要的部分是 Firebase 身份验证,这意味着您只能允许经过身份验证以在数据库中执行操作的用户进行访问。规则应如下所示:

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /{document=**} {
     allow read, write: if request.auth != null;
   }
 }
}

如果您需要一组更细粒度的规则,例如,仅允许 UID 值等于来自身份验证过程的 UID 值的经过身份验证的用户能够写入自己的文档,那么您应该考虑使用以下规则:

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /users/{uid} {
     allow create: if request.auth != null;
     allow read, update, delete: if request.auth != null && request.auth.uid == uid;
   }
 }
}

功能请求 将此错误消息提交至更精确,如 “FirebaseError: PERMISSION_DENIED 因为安全规则对 'get' @ L5 返回 false”

The error message “FirebaseError : false for ‘get’ @L5” is saying that security rules are denying the request at line 5 of your security rules. If you have curated your rules like below,

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /{document=**} {
     allow read, write: if false;
   }
 }
}

then line 5 has the error as you are not allowing read and write access to anyone.
To fix that you can either change your firestore rules to :

match /{document=**} { allow read: if true; allow write: if true; }

but this allows setting your rules to true to both read and write operations, which means that you allow anybody who knows your project ID to read from, and write to your database which is obviously bad, since malicious users can take advantage of it. It’s true that you can use these settings for a small amount of time for testing purposes, but never in a production environment.

So there is another option in which you can limit access to your database to a fixed amount of time. Today is 1.03.2021, we are limiting the access for exactly one day by:

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /{document=**} {
     allow read, write: if request.time < timestamp.date(2021, 3, 2);
   }
 }
}

The most important part when it comes to security rules is the Firebase Authentication, meaning that you can allow access only to the users that are authenticated to perform operations in your database. The rules should look like this:

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /{document=**} {
     allow read, write: if request.auth != null;
   }
 }
}

If you need a more granular set of rules, for instance, to allow only the authenticated users, who have the value of the UID equal to the value of UID that comes from to authentication process, to be able to write to their own document, then you should consider using the following rules:

rules_version = '2';
service cloud.firestore {
 match /databases/{database}/documents {
   match /users/{uid} {
     allow create: if request.auth != null;
     allow read, update, delete: if request.auth != null && request.auth.uid == uid;
   }
 }
}

A feature request is filed for this error message to be more precise like “FirebaseError: PERMISSION_DENIED because security rules returned false for 'get' @ L5”

回复 原文
~没有更多了~

关于作者

情深如许

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

饮湿

文章 0 评论 0

明月

文章 0 评论 0

02

文章 0 评论 0

hs1283

文章 0 评论 0

风向决定发型

文章 0 评论 0

落花浅忆

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文