Firebase 存储如何限制图像域?
[英]How Firebase Storage limit images domains?
问题描述
I use Firebase Storage to put images as image space, and then link to my blog, for example:
我使用 Firebase Storage 将图片作为图片空间,然后链接到我的博客,例如:
I checked "https://firebase.google.com/support/guides/security-checklist" it is mentioned我检查了提到的“https://firebase.google.com/support/guides/security-checklist”
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if false;
}
}
}
But it doesn't seem to mention how to restrict the domain, for example: the image can only be read in example1.com, not in example2.com但是似乎没有提到如何限制域,例如:图像只能在example1.com中读取,不能在example2.com中读取
1 个解决方案
解决方案1
0 2022-09-23 17:25:45
There is no way inFirebase's security rules for Cloud Storage to limit the domain that can read files. Firebase 的 Cloud Storage 安全规则没有办法限制可以读取文件的域。 You may be able to control that through Cloud Storage's configuration itself, but otherwise you'll want to look at Firebase App Check which ensures that only your own code can make API calls.您可能可以通过 Cloud Storage 的配置本身来控制它,但否则您需要查看 Firebase App Check ,它确保只有您自己的代码才能进行 API 调用。
Note: if you generate a download URL for a file in Cloud Storage, access through that URL (by design) bypasses the security rules and App Check, so will always be allowed.注意:如果您为 Cloud Storage 中的文件生成下载 URL,则通过该 URL(设计)访问会绕过安全规则和 App Check,因此将始终被允许。 Given your use-case "in blogs" that might apply here, but I wasn't sure.鉴于您可能适用于此处的“博客中”用例,但我不确定。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.