I am running a simple single page web app via firebase with which you can request information from cloud firestore.
Those are my security rules:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read ;
}
}
}
Problem With these rules, anyone who knows the link of my database can of course access the databse.
Question Is there any way to change these rules, so that you can only access the database through my web-app (with anonymous login)? Thanks.
What you're trying to do is not possible at all, even with security rules. You can control who can access what with security rules, but it's not possible to control where they're coming from, or the context of the request.