Background: I'm building a React Native iOS app which will involve uploading images and being able to access them from within the app (but not publicly).
In my rules for Firebase storage, I have the following:
    service firebase.storage {
      match /b/{bucket}/o {
        match /{allPaths=**} {
          allow read, write: if request.auth != null;
        }
      }
    }
As I understand this, only an authorized Firebase user should be able to access the files. However, I've uploaded an image which I can access in any browser:
https://firebasestorage.googleapis.com/v0/b/boiling-heat-632.appspot.com/o/download.jpeg?alt=media&token=7a8708c5-3dda-4088-b456-6dffd6ffc006
Is there something wrong with my security rules? Thanks
The link you have provided is a public URL that will/can be generated for all Firebase storage objects. It is called a download URL. It is considered to be unguessable, so you shouldn't have to worry about it being there. You will probably find that if you try and access your storage object via the Firebase storage framework (with the object path) you will not be allowed to do so.
Hope this answers your question
Update: For further info see this question
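The distinction the answer draws, as an added example that is not part of the original posts: a request whose URL carries a `token` query parameter is authorized by the URL itself, while the same object path without a token falls under the security rules. The function names, bucket, token and log lines are constructed for illustration; the check is useful for finding download URLs that have been persisted in logs or records.

```javascript
// Added example; sample values below are constructed, not taken from the page.
const STORAGE_HOST = 'firebasestorage.googleapis.com';

function classifyStorageUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return null; }
  if (url.hostname !== STORAGE_HOST) return null;

  // Path layout as in the question: /v0/b/<bucket>/o/<percent-encoded object path>
  const m = /^\/v0\/b\/([^/]+)\/o\/(.+)$/.exec(url.pathname);
  if (!m) return null;
  let objectPath;
  try { objectPath = decodeURIComponent(m[2]); } catch { return null; }

  const token = url.searchParams.get('token');
  const hasToken = token !== null && token.length > 0;

  // The token is the secret: build a copy that is safe to log or report.
  const redacted = new URL(url.href);
  if (hasToken) redacted.searchParams.set('token', 'REDACTED');

  return {
    bucket: m[1],
    objectPath,
    hasToken,
    // With a token, holding the URL is the credential and the rules are not consulted.
    // Without one, the caller must authenticate and the rules are evaluated.
    decidedBy: hasToken ? 'download-token' : 'security-rules',
    redactedUrl: redacted.href,
  };
}

// Scan free text (logs, exported database records) for token-bearing download URLs.
function findTokenUrls(text) {
  const candidates = text.match(/https:\/\/[^\s"'<>]+/g) || [];
  return candidates.map(classifyStorageUrl).filter((r) => r !== null && r.hasToken);
}

// Constructed sample input.
const SAMPLE_LOG = [
  'GET https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/users%2F42%2Fphoto.jpg?alt=media&token=00000000-0000-0000-0000-000000000000 200',
  'GET https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/users%2F42%2Fphoto.jpg?alt=media 403',
  'GET https://example.com/v0/b/example-bucket.appspot.com/o/x.jpg?token=abc 200',
].join('\n');

for (const hit of findTokenUrls(SAMPLE_LOG)) {
  console.log(`${hit.bucket}/${hit.objectPath} -> ${hit.redactedUrl}`);
}
```

Any URL this flags should be handled like a credential: anyone who obtains it can fetch the object without signing in.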