Hi everyone! I developed this app of mine that allows me to view in a list all the users who have signed up through my site, and to send me a notification if there is a new member. However, now, I've gotten to the point of securing my database via AppCheck and ensuring that data write and read requests (I'd mostly prefer read) can only happen from a specific app or web app...
Everything seemed to work perfectly, in fact on my site the script I added and the configuration allowed me to write data coming only from my domain to Firebase, unfortunately however since I added these security rules my app has no longer downloaded and read the data, since its requests are extraneous.
However, I think this problem can be solved simply server-side on Firebase and avoid messing with the code, however I have no idea how this can be done... I think the topic is about the SDK!
Provide an example of the secure rules you have in place
and what exactly did you do with AppCheck, and why ?
It sounds like you need to unenforce and reconsider the enforcement requirements...for example, what is a verified request (not just requests from your own domain...)
It is worth noting that an AppInventor app often falls into the cracks between what Google/Firebase understand as an Android app and a web app.
for now forget what I wrote before, I removed all the controls via app check, and I only and exclusively wanted to protect my firebase database with more specific rules, and I added the following as I wrote before. However, now I need the right get request to access the data to be able to read the data, and I need the famous "SECRET_KEY" to access it by passing this password as a query