Pass parameters from the client directly for use in Sync Rules.
connect() method:
request.parameters (alongside the already supported request.user_id).
In this example, only ‘posts’ from the user’s current page are synced:
request.jwt()) instead, or use token parameters in combination with client parameters.
The following examples show secure vs. insecure ways of using client and token parameters:
request.jwt()).
The below sync rules will display the warning:
Potentially dangerous query based on parameters set by the client. The client can send any value for these parameters so it’s not a good place to do authorization.
accept_potentially_dangerous_queries: true in the bucket definition:
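The secure and insecure patterns discussed above, side by side, as an added example that is not taken from the original page or from the project's documentation. All bucket, table, column, parameter and claim names (tasks, project_members, posts, project_id, org_id, current_page) are hypothetical, and the request functions are written in their call form.

```yaml
# Added example: Sync Rules contrasting client-only selection with
# token-backed authorization. All table, column and claim names are hypothetical.
bucket_definitions:
  # Insecure: the bucket is chosen only by a value the client sends, so any
  # connected client can ask for any project_id. A query based only on client
  # parameters like this is what the warning quoted above is about.
  project_by_client_param:
    parameters: SELECT (request.parameters() ->> 'project_id') AS project_id
    data:
      - SELECT * FROM tasks WHERE project_id = bucket.project_id

  # Same query with the warning acknowledged. The flag only silences the
  # warning; it adds no authorization, so use it only for data that every
  # authenticated user may read.
  project_by_client_param_accepted:
    accept_potentially_dangerous_queries: true
    parameters: SELECT (request.parameters() ->> 'project_id') AS project_id
    data:
      - SELECT * FROM tasks WHERE project_id = bucket.project_id

  # Secure: membership is checked against the user id from the token, and the
  # client parameter only narrows what that user is already allowed to see.
  project_for_member:
    parameters: |
      SELECT project_id FROM project_members
      WHERE user_id = request.user_id()
        AND project_id = (request.parameters() ->> 'project_id')
    data:
      - SELECT * FROM tasks WHERE project_id = bucket.project_id

  # Secure: a signed token claim scopes the data; the client parameter is
  # used for filtering (the current page), not for authorization.
  org_posts_page:
    parameters: SELECT (request.jwt() ->> 'org_id') AS org_id, (request.parameters() ->> 'current_page') AS page_number
    data:
      - SELECT * FROM posts WHERE org_id = bucket.org_id AND page_number = bucket.page_number
```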