FG
๐Ÿ’ป Software๐Ÿ”Œ APIs & SDKsGoogle

request.auth is null in Firestore Rules when called from Firebase JS SDK in UWP

Freshalmost 6 years ago
Mar 14, 20260 views
Confidence Score77%
77%

Problem

I've discovered a problem when querying Firestore from UWP Universal Javascript project with Firebase JS SDK. Problem description Problem occurs when querying Firestore with authenticated user and Firestore Security Rules set to: [code block]` I'm always receiving: [code block]` With try and fail method I was able to find out that 'request.auth' object is 'null' in Security Rules because with following rule I'm able to successfully query Firestore: [code block]` However this Security Rule enables reading of data for everyone and stored data will not be secured. In my opinion, the problem is related to the fact that access token is not processed (therefore request.auth is null). The only difference I've found is that HTTP header is NOT 'Origin: file://' (Origin header is completely missing) and CORS headers are not set correctly set in Response (CORS header are missing, but I'm not sure if this is the reason why access token is not processed). Expected behavior Auth token should be processed and Firestore Security Rules applied accordingly. Attachements UWP Project to reproduce the error (need some Firebase Test project and Firebase user): https://1drv.ms/u/s!AjL4mBIpdvWDnYZqNkla5hHjjguGVg HTTP Request from UWP: [code block]` Javascript Console output: [code block]`

Error Output

Error: [code=permission-denied]: Missing or insufficient permissions.

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
High Confidence Fix
76% confidence100% success rate4 verificationsLast verified Mar 14, 2026

Solution: request.auth is null in Firestore Rules when called from Firebase JS SDK in UWP

Low Risk

I'm having the same problem with some Internet Explorer 11 users. If I set security rules to read and write for authenticated user only in Firestore I'm getting: `FirebaseError: [code=permission-denied]: Missing or insufficient permissions.` Rules: `allow read, write: if request.auth != null && request.auth.uid != null;` If I remove these rules those Internet Explorer 11 user can access the data

76

Trust Score

4 verifications

100% success
  1. 1

    I'm having the same problem with some Internet Explorer 11 users.

    If I set security rules to read and write for authenticated user only in Firestore I'm getting: `FirebaseError: [code=permission-denied]: Missing or insufficient permissions.`

  2. 2

    Step 2

    `allow read, write: if request.auth != null && request.auth.uid != null;`

  3. 3

    If I remove these rules those Internet Explorer 11 user can access the data from

    So it seems like on some Internet Explorer 11 instances Firestore request aren't sent authenticated. On other Browsers the security rules work fine.

Validation

Resolved in firebase/firebase-js-sdk GitHub issue #1491. Community reactions: 5 upvotes.

Verification Summary

Worked: 4
Partial: 1
Last verified Mar 14, 2026

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

firebasegooglesdkapi:-authapi:-firestoreneeds-attention