如何保护Firebase https功能?
[英]How to secure firebase https function?
问题描述
I have a firebase https function: 
我有一个firebase https函数:
exports.updateDatabase = functions.https.onRequest((req, res) => {
// ...
});
Which can be called via: https://us-central1-xxx-xxx.cloudfunctions.net/date 可以通过以下方式调用: https : //us-central1-xxx-xxx.cloudfunctions.net/date
Does it mean that anyone with this url is able to update the database? 这是否意味着具有此URL的任何人都可以更新数据库?
Is there a way to secure it when calling it from browser? 从浏览器调用时是否有保护它的方法?
1 个解决方案
解决方案1
2 已采纳 2018-06-02 00:48:05
You can't stop the function from being invoked by anyone who knows the URL. 您不能阻止知道URL的任何人调用该函数。
You can stop the function from doing something harmful by only allowing it to perform its intended action by requiring that an authenticated user call it, assuming you trust that user. 您可以通过要求经过身份验证的用户调用该功能(假设您信任该用户)而仅允许其执行预期的操作,从而阻止该功能执行有害的操作。
There is an example of requiring authentication in the official code samples here . 还有就是官方的代码示例中需要验证的例子在这里 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.