Do I need extra security checks rather than firebase provides? #5478
ahmetyaziciDEFY
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In my app I have appCheck, and also authentication is done with signInWithEmailAndPassword method (auth token is auto assigned) , and the authorization is done via claims (
{ role: 'Admin' }
ext.). In my cloud functions I check the auth and app, and if needed the role via claims.Also I have some firestore rules in my database which does everything I want to do. But I wonder if there i anything extra I need to do in order to secure my app from attacks like XSS or CSRF. Any comment is appreciated.Beta Was this translation helpful? Give feedback.
All reactions