Firebase Rules: Allow only Specific URL? - firebase

I have a firebase realtime database.
And i have a "like" button app for my website.
But my database is not safe, because everyone can write to my database.
I want is: "allow only incoming data from my website. And block incoming from other sites"
For example:
{
"rules": {
".read": true,
".write": allow only incoming data from "www.example.com" and block incoming from other sites
}
}
How can I do this? Or how can I set this rule on Firebase console?

If I understand correctly what you are trying to do, I believe you can do it with the service account linked with your Firebase account. You can manually create a whitelist of
URL's allowed to use your API key. The trick is that it is found in the Google Cloud Platform, not the Firebase Console. However, there is a nifty link in Firebase Console that will take you to where you need to be.
(Also, the direct link of where to go is https://console.cloud.google.com/apis/credentials but make sure you are logged into an "Owner" or "Editor" account listed on the "Users and permissions" tab found at step two below.)
Here are the steps:
Log into your Firebase Console and go to the gear icon next to "project overview" in the top left of the Firebase console.
Then navigate to the "Users and permissions" tab
Then click the small blue link underneath the main table on the screen that says "Advanced permission settings".
It should take you to Google Cloud Console. (Make sure you are logged into an "Owner" or "Editor" account listed on the "Users and permissions" tab you were just looking at from the Firebase Console.) Click the menu in the top left of the Google Cloud Console, and go to "APIs & Services"
Then the click sub-menu item "credentials"
Click the desired API key you want to restrict.
And set the websites you want to allow access by clicking the radio button "HTTP Referers" under "Application Restrictions", adding an item, entering the web address, and hitting done to save the changes.

Related

Firebase Remote Config - Conditions not applied

I am using the Firebase Web SDK 8.3.1 and I have created a remote config parameter with conditions based on a custom user properties.
The problem I encounter is that my end users always get the default value, never one from any of the conditions, even if I am sure the user actually matches the conditions...
I see in the doc:
Warning: To use audiences and user properties with Remote Config, you
must enable Google Analytics data sharing for your project. In your
app, you'll need to ensure Firebase Analytics is present and data
collection is available as well.
Then if I follow the provided link I see the instructions:
To manage Google Analytics for Firebase data sharing:
Sign in to Firebase and select a project.
Click the Settings icon and select Project Settings.
On the Project Settings page, click Data privacy.
See the options available under Google Analytics data
sharing. When you share Analytics data, you share it for all the apps
in your project.
Turn on the switch for Share Analytics data with all Firebase
features, including Predictions, A/B Testing, Remote Config, and
Notifications (this is your default setting) to enable all current
options to share data with Firebase features.
But in my firebase console I dont have this switch! Under "Google Analytics data sharing" there is now another link:
So I cant turn on this setting :(
Note: how I made sure my user actually matches the condition "user property X == A":
Wait 30mins
Launch the app with a user having user property X set to A
Launch the Realtime dashboard of Firebase Analytics and filter to the last 30mins
And here I see that there were indeed 1 user in the last 30mins and this user had property X set to A
So is there anything special I should do when I want to create a condition using custom user properties?

Canonical way to disable analytics in flutter debug build

I have a flutter app using firebase and google analytics. My data about active users is wrong as I am testing a lot in emulators and google analytics thinks that the installs there are real users. As I often reinstall the app for testing it somehow seems to count it as a new user every time.
As a solution, I'd like to disable google analytics when building the app in debug mode and only activate it when I build it with --release.
Does anyone know how do achieve this with a flutter app?
I assume you're using Firebase Analytics in Flutter (I don't think there's GA for Flutter). You can use kReleaseMode flag when setting navigatorObservers of MaterialApp and creating FirebaseAnalyticsObserver instance. Here's how I do it in my app (notice that I also use preferences which allow user to turn on/off analytics, as well as desktop platforms where there's no Firebase support which is why I specifically check for Web, iOS and Android platforms):
MaterialApp(
...
navigatorObservers: preferences.isAnalyticsEnabled &&
kReleaseMode &&
(kIsWeb || Platform.isAndroid || Platform.isIOS)
? [
FirebaseAnalyticsObserver(analytics: FirebaseAnalytics()),
]
: [],
...
Maybe not what you are looking for, but you can remove all the ip-addresses of your debug devices from getting tracked in Google Analytics.
UPDATE: the original answer was for Universal Analytics only. Updated the answer to also include Google Analytics 4 properties.
For the old Universal Analytics properties, the instructions according to this page are:
Exclude Your IP Address From Google Analytics
Login to Google Analytics and select your profile
Select the Admin menu
Under Account select All Filters
Click Add Filter
Give the filter a name (can be anything, I use the IP address)
Leave Filter Type as predefined
It should read: Exclude + traffic from the IP addresses + that are equal to
Enter your IP address
For the new Google Analytics 4 properties, you can filter out "internal traffic" by following the instructions on this page:
In Admin, click Data Streams in the Property column.
Click Web and then click a web data stream.
In the web stream details, click Configure tag settings (at the bottom).
Click Define internal traffic.
Click Create.
Enter a name for the rule.
traffic_type is the only event parameter for which you can define a value. internal is the default value, but you can enter a new value (e.g., emea_headquarters) to represent a location from which internal traffic originates.
Under IP address > Match type, select one of the operators (e.g., IP address equals).
Under IP address, enter an address or range of addresses that identify traffic from the location you identified in Step 8. You can enter IPv4 or IPv6 addresses.
Click Create
Note: before step 4 you might need to first click on "Show more" to see the "Define internal traffic" button.
Check this out from another answer. To disable the collection of data by Firebase Analytics in your app, see the instructions here.
In summary, to disable temporarily, set FIREBASE_ANALYTICS_COLLECTION_ENABLED to NO in the GoogleServices-Info.plist file. To disable permanently, set FIREBASE_ANALYTICS_COLLECTION_DEACTIVATED to YES in the same plist file.
https://stackoverflow.com/questions/37518212/how-to-disable-remove-firebaseanalytics#:~:text=To%20disable%20the%20collection%20of,in%20the%20same%20plist%20file.

Sign In with another google account for firebase and adsense

I am using another google account for google adsense and it's verified. Is it possible to integrate that account for admob with this one?
I am using firebase in -> abc#gmail.com
My adsense account is -> xyz#gmail.com
I have the same issue with two different accounts for firebase and admob.
What I've found is this post in google groups - https://groups.google.com/forum/#!topic/firebase-talk/Woe_vOdAsS4.
So it seems like it is possible to do that, but with some additional steps described in this reply - https://groups.google.com/d/msg/firebase-talk/Woe_vOdAsS4/urnc38SAAwAJ
Summary:
Admob/adsense account should be added as other owner into the Firebase account:
Sign in to Firebase.
Click the Settings icon and select Permissions.
On the Permissions page, click Add member.
In the dialog, enter the user, domain, group, or service account you wish to add.
Select a role("owner") for the new member, and click Add.
Now you should be able to link your AdMob app to a new project as normal.
I did what #kodlan suggested after which I started seeing the firebase project from my firebase account. - Great so far!
However after selecting the project and typing the right package info, when I pressed LINK,
I got an error:
"Can't link to Firebase. To continue, you’ll need the Edit role or Manage users role for this property in Google Analytics. Update permissions in Google Analytics"
To resolve this:
Go to the Firebase account by login as (original owner)
load the url: https://analytics.google.com/
In the left nav bar of analytics page, click on the "gear/settings" icon which has label "ADMIN"
In the resulting screen - on ADMIN tab, click on "Account User Management"
Click on the + icon to add another user (user of admob account)
Check all checkboxes (or at least Edit, Read, Analyse). I didnt select "manage user" it was still ok without this.
Save.
Now, go to the Admob login and link your App with the firebase project, it should go through ok!

How to add collaborators to a Firebase app?

On the latest version of Firebase (Announced during Google I/O 2016), how do I add other people to my project or app whom I want to collaborate with? I came across IAM roles through Settings > Permissions. Is this the right way? If I add person there and assign a role, say Editor, will he/she be notified about it through email? Will a request be sent or will they be added directly to that role?
To give people access to your Firebase project, take these steps:
Select your project in the new Firebase Console
In the top left, next to the project name, click the settings/cog wheel icon
Click Users and Permissions
Click Add member
Enter the email address of the user to add and select the appropriate role as per your requirement
Click the second Add member button
The newly added users will get an email with the subject [Firebase] Invitation to join project and an option to Accept Invite in the body. Be certain to let them know that you added them so that they can accept the invite.
UPDATE 6/18/2018 - changes to Cloud Console and Google's functionality, the original solution may no longer work as shared in comments. For a recent project, I was able to add other users and permissions via Firebase console as indicated below.
Old Solution
Originally you had to choose Editor but you do not have to any more. There are new roles added to Google Cloud IAM in the other section, namely the Firebase Rules System role.
If you add a user to a Google Cloud project using IAM and assign them this role, they can access Firebase project by visiting:
https://console.firebase.google.com
The authorized project(s) should appear and they can access, without access to the rest of the Google Cloud project.
In latest version of the console adding is in a bit different.
Go To Your Project -> Project Overview -> Users and Permissions . This will open up new Pop Up.
Now click on the +Add to add the Members.
Now Add Email Id of the member. Now below that choose from the dropdown Project -> Collaborator as shown below and Save. Thats all! You are done.
If you're adding a Project owner, an invite will be sent to the new user. However, no email invites are sent for the Project Editor/Viewer roles.
From Users and Permissions tab, now, at I/O 2019, it was announced a new option to give permissions.
You can now assign to a specific collaborator, access to Analytics, Develop, Quality and Grow, each one with Admin privileges or View privileges.

Managing multiple google analytics account under the same root account?

We are trying to enable google analytics for an android project but running into an issue with account setup. We have a single gmail account and wanted to set up separate analytics "accounts" underneath that, each with multiple properties.
Our analytics account setup: http://www.screencast.com/t/sWj7YKX4hG
The issue we are having is that the first analytics account is pre-selected (red arrow indicated here http://screencast.com/t/mILTGO4LZ) with a dropdown of that account's properties ... but we cannot select the second analytics account or any of its properties which are obviously available under the same gmail account.
Has anyone else had this problem? Did we miss a step in the config somewhere?
Log in into Google Analytics, go to Admin tab.
Click the Account drop-down.
The last option in the drop-down is "Create new account"
enter image description here

Resources