Reputation: 89
My firebase storage is not private despite the rules being set for private
Background: I'm building a React Native iOS app which will involve uploading images and being able to access them from within the app (but not publicly).
In my rules for Firebase storage, I have the following:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
As I understand this, only an authorized Firebase user should be able to access the files. However, I've uploaded an image which I can access in any browser:
Is there something wrong with my security rules? Thanks
Upvotes: 4
Views: 790
Answers (1)
Reputation: 8020
The link you have provided is a public URL that will/can be generated for all Firebase storage objects. It is called a download URL. It is considered to be unguessable, so you shouldn't have to worry about it being there. You will probably find that if you try and access your storage object via the Firebase storage framework (with the object path) you will not be allowed to do so.
Hope this answers your question
Update: For further info see this question
Upvotes: 7
Related Questions
- Firebase Storage Rules strange behavior
- Firebase Storage read security rules don't seem to be having any effect
- Firebase Storage: User not permitted to access object despite public rules
- Firebase storage security rules not working for folder
- Firebase Storage Rules - access granted doesn't match rules
- Firebase storage rules "unauthorized"
- Cannot access firebase storage rules
- Firebase storage security rules not working
- Firebase private rule not working for storage
- Firebase Storage security read rule ignored