By default, security rules give me an error like this: PERMISSION_DENIED: false for 'update' @ L236. As you can see, it's not that useful.
For example, in the case of being rate-limited, is there a way to send something like a 429 status code along with a custom message which I could render in my front end? In case some field is missing, I could show an error in userName or something like that.
I couldn't find any reference in https://firebase.google.com/docs/reference/rules/rules.firestore
There is no way to customize the message that is returned when the security rules reject an operation. You will have to detect the condition in your application code, and handle it there.
Typically this is not a problem when you follow the best practice to develop your application code and security rules hand in hand. My flow usually is:
If you follow this process, your code will always meet the security rules - as that's precisely how you wrote them. So in that case the most common people to get "permission denied" are abusive users, who may use any additional information you might give them as an attack vector.
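The approach the answer describes (detect the condition in application code and handle it there), as an added example that is not part of the original question or answer. The names `RATE_WINDOW_MS`, `preflight`, `toUiError` and `guardedUpdate` are hypothetical, the 422/429/403 values are UI-side labels rather than anything Firestore sends, and the two conditions are assumed to mirror what the rules enforce.

```javascript
// Added example. Assumption: the rules reject an update that lacks a userName
// string or that arrives less than RATE_WINDOW_MS after the previous write.
// Keep these client checks in sync with the rules; the rules still enforce.
const RATE_WINDOW_MS = 5000; // hypothetical value

// Mirror of the rule conditions, evaluated before any request is sent.
// Returns null when the write should pass, else an error object for the UI.
function preflight(data, lastWriteMs, nowMs) {
  if (typeof data.userName !== 'string' || data.userName.trim() === '') {
    return { status: 422, field: 'userName', message: 'userName is required.' };
  }
  if (lastWriteMs !== null) {
    const waitMs = lastWriteMs + RATE_WINDOW_MS - nowMs;
    if (waitMs > 0) {
      const secs = Math.ceil(waitMs / 1000);
      return { status: 429, field: null, message: `Too many updates. Try again in ${secs}s.` };
    }
  }
  return null;
}

// A rule rejection reaches the client only as code 'permission-denied'.
// The message stays generic: a client that got past preflight and is still
// denied is not following the normal flow and should learn nothing extra.
function toUiError(err) {
  if (err && err.code === 'permission-denied') {
    return { status: 403, field: null, message: 'You are not allowed to make this change.' };
  }
  return { status: 500, field: null, message: 'Update failed. Please retry.' };
}

// writeFn performs the actual update (for example a wrapper around updateDoc).
async function guardedUpdate(writeFn, data, lastWriteMs, nowMs = Date.now()) {
  const problem = preflight(data, lastWriteMs, nowMs);
  if (problem) return problem; // specific message, no request sent
  try {
    await writeFn(data);
    return { status: 200, field: null, message: 'Saved.' };
  } catch (err) {
    return toUiError(err);
  }
}
```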