Firebase 存储安全规则不适用于文件夹
[英]Firebase storage security rules not working for folder
问题描述
I have the following rule in my Firebase Storage.
我的 Firebase 存储中有以下规则。 But still, I am able to access the images when I have the link that starts with "https://firebasestorage.googleapis.com/", even when I am not authorized/authenticated.但是,当我拥有以“https://firebasestorage.googleapis.com/”开头的链接时,即使我没有获得授权/身份验证,我仍然可以访问这些图像。 I have a folder called toyCarImages and I want to allow writes from the public and reads from only authorized accounts我有一个名为toyCarImages的文件夹,我想允许公众写入并仅从授权帐户读取
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
// allow read, write: if request.auth == null;
allow read: if request.auth != null;
allow write: if request.resource.size < 5 * 1024 * 1024
&& request.resource.contentType.matches('image/.*');
}
}
}
How can I fix this issue?我该如何解决这个问题? I am using getDownloadUrl() method in my application.我在我的应用程序中使用getDownloadUrl()方法。 How secure is it when using getDownloadUrl() ?使用getDownloadUrl()时有多安全?
Thanks in advance提前致谢
1 个解决方案
解决方案1
2 2020-09-19 14:56:20
A download URL gives public read-only access to the file to anyone who has that URL.下载 URL 为拥有该 URL 的任何人提供对该文件的公开只读访问权限。 Access to a file through a download URL is not secured by the rules of your storage bucket.通过下载 URL 访问文件不受存储桶规则的保护。
If you want to block a certain download URL, your only option is to revoke that URL from the Firebase console.如果您想阻止某个下载 URL,您唯一的选择是从 Firebase 控制台撤消该 URL。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.