Follow the steps below to move Firebase Firestore rules from test to production mode. I'll also show you how to monitor the status of your Firebase Cloud Firestore deployment.
Here's how you can deploy your Firestore security rules:
Step 1: Install the Firebase CLI (Command Line Interface)
- Install the Firebase CLI globally on your PC if you haven't previously. If you have Node.js installed, you can do this with npm (Node Package Manager):
npm install -g firebase-tools
Step 2: Authenticate with Firebase Make sure you are logged in to your Firebase account. If you are not logged in, use the following command to log in:
firebase login
Step 3: Navigate to your Firebase project Open a terminal/command prompt, and navigate to your project's root directory (where your firebase.json file is located).
Step 4: Deploy Firestore security rules To deploy your Firestore rules, use the following command:
firebase deploy --only firestore:rules
This will apply your Firestore security rules to your production Firestore database and deploy them.
Remember that deploying rules to production can have catastrophic repercussions if they are not correctly configured. To verify that your rules perform as expected, thoroughly test them in test mode before deploying them to production.
You can check the Firebase console to see if your Firebase Cloud Firestore is functioning. Take the following steps:
- Go to https://console.firebase.google.com/ to access the Firebase console.
- Choose your project from the list (if you have more than one).
- On the left sidebar, select "Firestore Database."
- At the top of the Firestore dashboard, you'll see a "Rules" tab.
- If your rules were successfully deployed and are active, you will see a green indicator indica ting that they are active.
You will see something like this below.
rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if request.time < timestamp.date(2020, 10, 6); } } }
Change it as follows, Note: mind the rules_version and ensure you are reflecting the correct rules_version.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {// This rule allows anyone with your Firestore database reference to view, edit,
// and delete all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// all client requests to your Firestore database will be denied until you Update
// your rules
match /{document=**} {
allow read, write: if false;
}0
}
}
Click Publish That's it, you are now switched to Production mode.
Firestore security rules are critical to securing your database, so make sure to thoroughly examine and test them before sending them to production to avoid security issues.