I am building a small web app using Firebase.
Here are the steps:
The user connects (Firebase authentication)
The user uploads an image (Firebase storage)
The user can download or see his images
<img [src]="imageFromFirebase">
The URL given by Firebase looks like:
https://firebasestorage.googleapis.com/v0/b/<Your API>/o/userData_YOQioOsgzUP0B0fTAa6BVK5KOxo2%2Fimages%2F-L-w7THGfT6qmX9UhLsK3.png?alt=media&token=61f6edf9-188e-4177-9ee2-34635ebc5a4a
With this URL, I can display the image in the browser only if the user is connected.
The real problem is that I copied this URL and pasted it into another web browser (without being authenticated).
And SURPRISE!! This image is displayed!
I don't understand why the image is displayed.
Is it normal?
Thank you!
When you generate a download URL for a file in Cloud Storage for Firebase, anyone who has the URL will be able to download its contents. This is by design. The URL is "unguessable", so only people who actually have the URL will be able to see the content.
If you don't want people to see that file, then don't share the URL. If the URL is accidentally shared with others who shouldn't have access, you can revoke the token that allows everyone to see the content.
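For auditing where such links have ended up (logs, chat exports, tickets), the sketch below parses the URL shape shown in the question, flags links that carry a `token`, and redacts the token before a URL is logged. It is an added example, not part of the original question or answer; the bucket name, user ID and token in the sample are constructed.

```javascript
// Added example, not from the original post. Bucket, user ID and token are constructed.
const HOST = "firebasestorage.googleapis.com";

// Parse https://firebasestorage.googleapis.com/v0/b/<bucket>/o/<encoded path>?alt=media&token=<token>
// Returns null for anything that is not a download URL of that shape.
function parseDownloadUrl(raw) {
  try {
    const url = new URL(raw);
    const m = /^\/v0\/b\/([^/]+)\/o\/([^/]+)$/.exec(url.pathname);
    if (url.protocol !== "https:" || url.hostname !== HOST || !m) return null;
    const token = url.searchParams.get("token");
    return {
      bucket: decodeURIComponent(m[1]),
      objectPath: decodeURIComponent(m[2]), // "%2F" separates folders inside the object name
      token,
      isBearerLink: Boolean(token), // a token means anyone holding the URL can download
    };
  } catch {
    return null; // malformed URL or bad percent-encoding
  }
}

// Replace the token so the URL can be written to logs or tickets safely.
function redactToken(raw) {
  const info = parseDownloadUrl(raw);
  if (!info || !info.isBearerLink) return raw;
  const url = new URL(raw);
  url.searchParams.set("token", "REDACTED");
  return url.toString();
}

// Scan free text (log lines, chat exports) for download URLs that carry a token.
function findBearerLinks(text) {
  const hits = text.match(/https:\/\/firebasestorage\.googleapis\.com\/[^\s"'<>]+/g) || [];
  return hits.map(parseDownloadUrl).filter((info) => info && info.isBearerLink);
}

// Constructed sample input.
const SAMPLE_URL = "https://firebasestorage.googleapis.com/v0/b/example-project.appspot.com/o/" +
  "userData_EXAMPLEUID%2Fimages%2Fphoto.png?alt=media&token=00000000-0000-4000-8000-000000000000";
const SAMPLE_TEXT = [
  "10:02 alice: here is my picture " + SAMPLE_URL + " ok?",
  "10:03 app: GET https://firebasestorage.googleapis.com/v0/b/example-project.appspot.com/o/readme.txt?alt=media",
].join("\n");

for (const link of findBearerLinks(SAMPLE_TEXT)) {
  console.log(`${link.bucket}: ${link.objectPath} is reachable by anyone holding its token`);
}
console.log(redactToken(SAMPLE_URL));
```

Each link the scan reports is a candidate for the token revocation the answer mentions.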