Firebase storage security rules not working for folder
Question
I have the following rule in my Firebase Storage. But still, I am able to access the images when I have the link that starts with "https://firebasestorage.googleapis.com/", even when I am not authorized/authenticated. I have a folder called toyCarImages and I want to allow writes from the public and reads from only authorized accounts
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
// allow read, write: if request.auth == null;
allow read: if request.auth != null;
allow write: if request.resource.size < 5 * 1024 * 1024
&& request.resource.contentType.matches('image/.*');
}
}
}
How can I fix this issue? I am using getDownloadUrl() method in my application. How secure is it when using getDownloadUrl() ?
Thanks in advance
1 answers
solution1
2 2020-09-19 14:56:20
A download URL gives public read-only access to the file to anyone who has that URL. Access to a file through a download URL is not secured by the rules of your storage bucket.
If you want to block a certain download URL, your only option is to revoke that URL from the Firebase console.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.