
I understand that in Firebase, you can set Authorized Domains for OAuth Redirects only. That means it doesn't work for Anonymous Authentication as they said:

https://www.firebase.com/docs/web/guide/user-auth.html

For security reasons, if you're using a web-based OAuth flow (Facebook, Twitter, Github, or Google), only domains that you whitelist are allowed to initiate authentication for your app. This does not apply to Email & Password, Anonymous, or Custom authentication methods.

BUT is there a way to make sure the write doesn't happen from other domains?

My security string code

{
  "rules": {
    ".read": "auth !== null",
    ".write": "auth !== null"
  }
}

My login code

// Reference to the Firebase database (legacy Firebase web SDK).
// The URL is a placeholder; substitute the real Firebase URL.
var Ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");

// Sign in anonymously so that `auth` is non-null in the security rules.
Ref.authAnonymously(function(error, authData) {
  if (error) {
    console.log("Login Failed!", error);
  } else {
    console.log("Authenticated successfully with payload:", authData);
  }
});

The use case I have is that I need to create a very simple form to fill out on my website. I don't want others to hack into my Firebase URL and write trash into it. I don't want the random visitors to log in either. So it's best if the Anonymous Authentication happens in the background so I can get the domain string to pass the security check.

Is there a way to do this?

HP.
  • No, you cannot use security rules for domain restrictions. – Anid Monsur Oct 25 '15 at 19:45
  • White listing is to prevent CSRF, not to prevent access (hint: [you can't do this on the internet](http://stackoverflow.com/questions/18890330/how-to-make-sure-only-my-own-website-clientside-code-can-talk-to-firebase-back/18897630#18897630)). Use [security rules and auth](https://www.firebase.com/docs/security/guide/user-security.html) to control access. – Kato Oct 26 '15 at 18:10
  • Without the out of the box ability to whitelist domains for anonymous auth - google scripts can do this -, it seems there is no way to have data secured in a public input-type app without requiring an OAuth login or third-party service. Is this correct? If so then what really is the anonymous login for, since anyone from anywhere can get an anonymous auth token and hence delete the entire node that has anonymous write access? – malcolm Sep 20 '16 at 13:40
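Since rules cannot check the origin domain, the practical mitigation is to limit what an anonymous token can do. The rules below are an added example (not from the question or the Firebase docs) for a hypothetical `submissions` node: an anonymous session may only create new entries under its own `auth.uid`, may not read, overwrite or delete anything, and every entry must match a fixed shape with bounded string lengths, so a stray token cannot wipe the node or fill it with arbitrary data.

```json
{
  "rules": {
    // Nobody can read submissions through the client SDK;
    // read them from a trusted server/admin context instead.
    ".read": false,
    ".write": false,

    "submissions": {
      "$uid": {
        "$entryId": {
          // Create-only: must be authenticated (anonymous counts),
          // must write under its own uid, the entry must not already
          // exist (no overwrite), and the new value must be non-null
          // (no delete).
          ".write": "auth != null && auth.uid == $uid && !data.exists() && newData.exists()",

          // Exactly these two fields are required.
          ".validate": "newData.hasChildren(['name', 'message'])",

          "name": {
            ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 100"
          },
          "message": {
            ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 2000"
          },

          // Reject any field other than the ones listed above.
          "$other": {
            ".validate": false
          }
        }
      }
    }
  }
}
```

The client writes with `Ref.child('submissions').child(authData.uid).push({name: ..., message: ...})` after `authAnonymously` succeeds; each anonymous token is still free to spam its own branch, so rate limiting or a server-side check remains necessary if that matters.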
