Validation Messages

Douglas Correa

Nov 11, 2015, 9:37:15 PM
to fireba...@googlegroups.com
Hi guys,

Currently, if I have 2 or more validations (like size and format) or even a write rule with restricted access, I always receive "PERMISSION_DENIED" when it fails.

With this restriction I need to re-implement the validations (duplicating my business rules) on the client side so that I can give the correct message to my user.

Are there any plans for Firebase to implement validation messages in the Security rules?

Then I will be able to use the server validation messages to display to the user, and it will avoid duplicating my business rules.

Regards,

Douglas

Kato Richardson

Nov 12, 2015, 11:41:59 AM
to Firebase Google Group
Hi Douglas,

This has been around the table a few times and has some value. But ultimately, server-side security rules shouldn't be coupled to your UI messages. It also introduces some minor risk, as it provides a way to reverse engineer your security rules and thus find and exploit errors or oversights.

I'll add your vote to the feature list!

☼, Kato

Kerman K

Nov 13, 2015, 3:07:41 AM
to Firebase Google Group
I was just going to post about this too haha - It's something that I'm struggling with and really wish was there...
Maybe there could be a special key that enables security rules to be shown on the client?

- Kerman

Kato Richardson

Nov 13, 2015, 10:04:04 AM
to Firebase Google Group
Kerman,

Thanks for the additional feedback. We came to much the same conclusion. The best way to implement this would be some sort of opt-in to have them displayed client-side. Ideally (although quite a bit more complex) you could decide what, if any, message was returned per security rule.

I'll put your vote on the list as well!

☼, Kato

Kerman K

Nov 18, 2015, 1:32:15 AM
to Firebase Google Group
Hey guys, 

Quick update, Kato showed me a way to get the full error, http://jsfiddle.net/firebase/XDXu5/embedded/result/ - use your secret, the uid of the user and set debug = true :)

- Kerman 

Douglas Correa

Nov 18, 2015, 1:05:34 PM
to fireba...@googlegroups.com
Hi Kerman,

Thanks for sharing!

That's very good for debugging, but unfortunately there is no easy way to use it at runtime/in production, because it does not provide a way to get the validation error programmatically and transform it into a user-friendly message.

Douglas
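
Added example, not part of the thread and not Firebase's own code: the client-side workaround discussed above, with each check declared once next to its user-facing message, and a server `PERMISSION_DENIED` mapped to a generic message so the response does not reveal which rule failed. The field names, limits, message texts, the `write` callback and the `{ code: 'PERMISSION_DENIED' }` error shape are assumptions.

```javascript
// Added example. Field names, limits and messages are hypothetical, and the
// server-side security rules must still enforce the same constraints.
const CHECKS = {
  username: [
    { test: v => typeof v === 'string', message: 'Username must be text.' },
    { test: v => v.length >= 3 && v.length <= 20, message: 'Username must be 3 to 20 characters.' },
    { test: v => /^[a-z0-9_]+$/.test(v),
      message: 'Username may contain only a-z, 0-9 and underscore.' },
  ],
  bio: [
    { test: v => typeof v === 'string', message: 'Bio must be text.' },
    { test: v => v.length <= 140, message: 'Bio must be at most 140 characters.' },
  ],
};

// Returns { field: message } for the first failing check of each field.
function validate(record) {
  const errors = {};
  for (const [field, checks] of Object.entries(CHECKS)) {
    if (!(field in record)) { errors[field] = `${field} is required.`; continue; }
    const failed = checks.find(c => !c.test(record[field]));
    if (failed) errors[field] = failed.message;
  }
  for (const field of Object.keys(record)) {
    if (!(field in CHECKS)) errors[field] = `Unknown field: ${field}.`;
  }
  return errors;
}

// Assumed error shape: an object whose `code` is 'PERMISSION_DENIED'.
// The message stays generic so a rejection does not say which rule failed.
function messageForWriteError(err) {
  if (!err) return null;
  return err.code === 'PERMISSION_DENIED'
    ? 'Your change was rejected. Check your input and that you are signed in.'
    : 'The change could not be saved. Please try again.';
}

// `write` is a caller-supplied function returning a promise (hypothetical).
async function save(record, write) {
  const errors = validate(record);
  if (Object.keys(errors).length > 0) return { ok: false, errors };
  try {
    await write(record);
    return { ok: true, errors: {} };
  } catch (err) {
    return { ok: false, errors: { _form: messageForWriteError(err) } };
  }
}
```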