[英]Download file from firebase storage with HTTP request that anyone can download
我正在尝试使用 HTTP 请求从 firebase 存储桶下载文件。
bucket.file('<filepath>').getSignedUrl({
action: 'read',
expires: '03-17-2025'
})
.then((url: any) => {
console.log(url);
const xhr = new XMLHttpRequest();
xhr.responseType = 'blob';
xhr.onload = (event) => {
xhr.response;
};
xhr.open('GET', url);
xhr.send();
})
.catch((error) => {
console.log(error);
});
但是,当我这样做时,我得到“错误:调用者没有权限”。
我如何制作它以便任何人都可以通过链接下载它? 我以后可以担心权限和安全性,这只是为了测试。
安全规则:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /<folder>/{allPaths=**} {
allow read: if true; //allow anyone with link to read from the folder
allow write: if request.auth != null;
}
match /{allPaths=**} {
allow read, write: if request.auth != null; //all other locations are secured by auth
}
}
}
从错误消息( "Error: The caller does not have permission"
)和上述评论(即当前,您的存储安全规则是allow read, write: if request.auth;= null;
),看来您的安全规则防止用户使用getSignedUrl()
方法生成签名的 URL:
所以你应该:
request.auth
不是null
。 注意:在 Firestore 或 Cloud Storage 安全规则中使用allow read, write: if request.auth.uid != null
通常是不够的。 As a matter of fact it is not difficult to get your Firebase config values from your app, therefore someone can easily use the Auth REST API to create an account in your Firebase project.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.