Comments (4)
ankemp
commented on June 29, 2024
2
Some things to consider:
angular/angular-cli#3430
&&
angular/angular-cli#6872
from firebase-cms.
alexabbott
commented on June 29, 2024
-
Inputs are sanitized/escaped (no xss)
DONE -
File uploads are restricted to safe formats
DONE - restricted on FE and in Storage Rules -
CSP whitelist (only allow specific domains)
DONE - had to add 'unsafe-inline' for CSS + 'unsafe-eval' for JS based on the articles @ankemp commented, then 'unsafe-inline' for JS because of CKeditor (WYSIWYG) -
User/admin permissions are correct, no holes
DONE -
Firebase read/write rules are correct, no holes
DONE -
Firebase data schema is scalable (don't load whole lists at once, structure into separate lists)
DONE -
Application can scale on firebase hosting, email sending, uploads
DONE -- email sending is via gmail, so it is limited. Scaling email sending would require use of third-party email service like Mailgun -
Estimate costs at scale, compared to static hosting, and Python hosting
TODO
from firebase-cms.
kmturley
commented on June 29, 2024
Getting some permissions errors now when I view the admin area:
- /admins/-473942351
- /approvals
- /approvals/products
- /users
- /orders
- etc
Am I an admin?
from firebase-cms.
alexabbott
commented on June 29, 2024
@kmturley yes, you are a super-admin, but it says your account has not logged in yet? I've updated some of the admin functionality recently so you may have to re-login via /login
The paths you've listed should have /admin in front of them and a couple of them are invalid:
- /admins/-473942351- INVALID - should be /admin/admins/edit-admin/ADMINKEY
- /approvals - should be /admin/approvals
- /approvals/products - INVALID - there is no separate view for product approvals, all approvals live at /admins/approvals
- /users - INVALID - should be /admin/customers
- /orders - should be /admin/orders
from firebase-cms.
Related Issues (19)
- Separate admin and store UI's in different projects
- Service worker code caching
- Add pagination for posts HOT 2
- Error when run npm serve HOT 1
- Cannot progress to 'confirm order' screen HOT 1
- Cannot read property 'length' of undefined HOT 1
- Vulnerabilities in Firebase Database Rules
- Cannot find namespace 'firebase' HOT 1
- Firebase Data HOT 2
- Error in Funsctions & Storage
- Payment issue HOT 2
- Firebase Storage Rules
- Migration to angular 6+ ERROR TS2307 HOT 1
- Demo not working
- Firebase Deploy Issue
- Angular v11 Update HOT 2
- Angular Routes Approach HOT 1
- Search Engine Optimization & Performance HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from firebase-cms.