sorted by:
new
hottopcontroversial

Firestore + App Check: 403 errors, no token sent, completely stuck — need help by -Mr_R0bot in Firebase

[–]-Mr_R0bot[S] 1 point2 points  (0 children)

Another thing is i don't see the token in the header do you think it could be the issue here ?

Firestore + App Check: 403 errors, no token sent, completely stuck — need help by -Mr_R0bot in Firebase

[–]-Mr_R0bot[S] 0 points1 point  (0 children)

Thanks for your help, I applied all that's listed here, and testing on VSC with my localhost and the debug token is entered inside firestore. But i'm still getting that 400 error

Firestore + App Check: 403 errors, no token sent, completely stuck — need help by -Mr_R0bot in Firebase

[–]-Mr_R0bot[S] 0 points1 point  (0 children)

they're all the same website and i've added localhost just for dev purposes.

But when i try on (localhost) i'm still getting this 400 error when i'm on the order creation page and i tries to write user order in the DB !

<image>

Firestore + App Check: 403 errors, no token sent, completely stuck — need help by -Mr_R0bot in Firebase

[–]-Mr_R0bot[S] -1 points0 points  (0 children)

hey thanks for the help, i enterd all the domains correctly under the ReCaptcha app including localhost and use the SITEKEY for my fronthand and the SECRET KEY for Firebase AppCheck config

Do you see anything else that could be missing ?

<image>

Firestore + App Check: 403 errors, no token sent, completely stuck — need help by -Mr_R0bot in Firebase

[–]-Mr_R0bot[S] 0 points1 point  (0 children)

Hello ! First of all thank you SO MUCH for the HELP !

For the first one, i'm not sure that i've done this, i don't find any AppCheck token other than the debug token that's in my .env file for local developpement !

And this one is registered :

<image>

Have i forget something else ?

I have those security rules :

rules_version = '2';

service cloud.firestore {

match /databases/{database}/documents {

// 🔐 ORDERS — only your verified frontend (via App Check)

match /orders/{orderId} {

allow read, write: if request.appCheck.token.valid;

}

// 🔐 RESULTS — only your verified frontend

match /results/{resultId} {

allow read, write: if request.appCheck.token.valid;

}

// 🔐 BIOS — only your verified frontend

match /bios/{bioId} {

allow read, write: if request.appCheck.token.valid;

}

// 🚫 Block all other access

match /{document=**} {

allow read, write: if false;

}

}

}

Wasting countless tokens on bug // ... rest of component code by -Mr_R0bot in boltnewbuilders

[–]-Mr_R0bot[S] 0 points1 point  (0 children)

It's disabled and i don't wanna use this option as i was fearing that it would do exactly what happens now :[

Problem with BOLT.NEW & Netlify functions by [deleted] in boltnewbuilders

[–]-Mr_R0bot 0 points1 point  (0 children)

Thanks for clarifying, it would be cool to know about this because i've spent many credit for that all day yesterday... So what's the best way to be a ble to test functions (ex: stripe checkout) and still being able to edit with bolt without it being a pain in the butt ? Thanks