If you have been trying to learn how to use AngularFire, you are probably finding its ability to trigger database modification operations from the browser a bit surprising, to say the least.
How can that even work from a security perspective? The key ingredient that keeps CRUD operations safe when they are done from a browser is Firestore Security Rules.
What Are Firestore Security Rules?
You don't need to write any application code, just a small file with a set of rules. Whenever a data read or modification request is sent from a browser to a Firestore database, the Firestore server runs it through this set of rules to decide whether the request is allowed to go through.
We can write rules based on the content of the request, which includes the user's authentication information and roles, and we can also write rules based on the current content of the database.
This means that we can write rules like:
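As an added illustration (not taken from the original newsletter or the course), here is a rules file that uses all three inputs described above: the authenticated user, a role, and the current database content. The collection names (`courses`, `lessons`, `users`, `purchases`) and the `admin` custom claim are assumptions made for this example.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Request content: is there an authenticated user on this request?
    function isSignedIn() {
      return request.auth != null;
    }

    // Role: read from a custom claim in the ID token (claim name "admin" is assumed)
    function isAdmin() {
      return isSignedIn() && request.auth.token.admin == true;
    }

    match /courses/{courseId} {
      allow read: if isSignedIn();
      // Validate the incoming document, not just the caller
      allow create, update: if isAdmin()
        && request.resource.data.title is string
        && request.resource.data.title.size() > 0;
      allow delete: if isAdmin();

      match /lessons/{lessonId} {
        // Database content: readable only if a purchase record exists for this user
        allow read: if isSignedIn()
          && exists(/databases/$(database)/documents/users/$(request.auth.uid)/purchases/$(courseId));
        allow write: if isAdmin();
      }
    }

    match /users/{userId} {
      allow read: if isSignedIn() && request.auth.uid == userId;
      // Owners may edit their profile but may not touch the "role" field
      allow update: if isSignedIn() && request.auth.uid == userId
        && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['role']);

      match /purchases/{courseId} {
        allow read: if isSignedIn() && request.auth.uid == userId;
        // No client-side write rule: purchases are written by trusted server code
        // using the Admin SDK, which bypasses security rules.
      }
    }
    // Any path not matched above is denied by default.
  }
}
```

The `role` check on `/users/{userId}` is the part that is easiest to miss: without it, a rule that only compares `request.auth.uid` to the document ID lets a user rewrite any field on their own document, including one that other rules may trust.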
Please hit Reply and let me know: what would you like to learn about Firestore Security Rules? Any gotchas that you have run into?
You can learn all about Firestore Security Rules in this week's 36 new minutes of the ongoing Firebase & AngularFire In Depth course. Scroll below to see the titles of this week's lessons.
I want to thank you for reading and wish you an awesome weekend!