问题描述
我已禁用我的安全规则,因此任何人都可以更新,写入,创建,读取,删除allow read,write,delete,update,create;
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read,create;
}
}
}当我尝试使用`POST https://firestore.googleapis.com/v1/{database=projects/*/databases/*}/documents:batchWrite
时身体如下所示
{
"writes": [
{
"update": {
"name": "projects/project_id/databases/(default)/documents/service_order/352003090342435.5f357270173e8c70878.-9486573","fields": {
"managed_by": {
"booleanValue": "false"
},"location2": {
"booleanValue": "false"
},"made_by": {
"stringValue": "352003090342435.5eda4f3c17284c58460.90921842"
},"phone2": {
"stringValue": "0665439307"
},"state": {
"stringValue": "confirm"
},"write_date": {
"stringValue": "1597664391000"
},"made_by_name": {
"stringValue": "FaridBenabdallah"
},"description": {
"stringValue": "e1"
},"accepted_offer": {
"booleanValue": "false"
},"id": {
"stringValue": "352003090342435.5f357270173e8c70878.-9486573"
},"location1": {
"stringValue": "352003090342435.5f3572a0173e8c7c336.-8281409"
},"date_order": {
"booleanValue": "false"
},"order_type": {
"stringValue": "Minuiserie"
},"phone1": {
"stringValue": "0657331995"
}
}
},"updateMask": {
"fieldpaths": [
"managed_by","location2","made_by","phone2","state","write_date","made_by_name","description","accepted_offer","id","location1","date_order","order_type","phone1"
]
}
}
]
}`rest api,它总是以拒绝的权限进行响应
{
"error": {
"code": 403,"message": "Missing or insufficient permissions.","status": "PERMISSION_DENIED"
}
}但是,当我在Google OAuth 2.0上尝试使用它时,
因此,当我在没有authoirzation header 的情况下使用batchWrite时,出现了问题
解决方法
随着支持人员的回应,火力基地内部似乎出现了问题
我自己执行了一些附加测试后,似乎此行为可能与REST API隔离,因为我们的SDK似乎均未受影响。我将继续向我们的工程师提出这种行为,以查看这是否是预期的行为,或者原始REST调用中是否仅缺少某些行为。如果有任何要分享的更新,我会尽快与您联系。
所以我做了一些研究,发现我可以使用commit rest api,因为它看起来一样,但是没有身份验证标头或将Firebase令牌用作授权标头就可以使用