Nice post!
Was actually looking for this. Do you know if there is also an "easier" way to limit all read/write only from 1 specific domain?
I know just limited the API key in Google console, was wondering if Firebase rules could also do something like that.