Reputation: 229
From what I've read from the official Firebase documentation and after watching this firecast, my understanding is that in order to display images on a client there are two approaches:
The first is server based, using functions and writing the SignedUrls to the database.
The second is client based, using StorageReference and pointing to the desired path in storage.
I have decided to follow the second approach due to the fact that the Firebase client SDK gives you the ability to directly query a storage photo for additional useful information about the photo (creation date, metadata, etc.) without the need of creating additional entries in the database (like in the SignedUrl case by using functions.storage.ObjectMetadata).
My questions are:
1) Can the bucket name or the full internal photo path be used in the client code without any security risks?
The path form may be:
gs://myapp.appspot.com/bucket_folder/username/photoname.PNG
(non-default bucket)
2) Are there any drawbacks by using the client SDK method over the server-produced SignedUrls?
Upvotes: 0
Views: 497
Reputation: 598951
There are two ways to access items in Cloud Storage through the Firebase SDK:
By using the Firebase SDK methods to access the data.
By using the download URL.
When you use the download URL, the user doesn't have to be signed in. But the user can only ever read the file and (as you discovered) will only have access to the raw payload of the file, not the metadata.
When you use the other methods of the Firebase SDK, your access is controlled by the security rules. So your user may have to sign in.
Upvotes: 1
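To illustrate the answer's point that SDK access is gated by security rules rather than by keeping the path secret, here is an added example of Cloud Storage security rules for the path layout in the question. It is not part of the original question or answer. It assumes the `username` folder segment is the user's Firebase Auth uid, and the size and content-type limits are constructed values.

```firebase-rules
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    // Path layout from the question: bucket_folder/<user>/<photo>.
    // Assumption: the <user> segment is the Firebase Auth uid, not a display name.
    match /bucket_folder/{userId}/{photoName} {
      // Reads through the SDK (object bytes and metadata) require a signed-in user.
      allow read: if request.auth != null;

      // Only the owner may upload or overwrite, and only images under 5 MB
      // (constructed limits for this example).
      allow create, update: if request.auth != null
                            && request.auth.uid == userId
                            && request.resource.size < 5 * 1024 * 1024
                            && request.resource.contentType.matches('image/.*');

      // Only the owner may delete; request.resource is null on delete,
      // so the upload checks above are not reused here.
      allow delete: if request.auth != null && request.auth.uid == userId;
    }
    // No other match block exists, so every other path is denied by default.
  }
}
```

With rules like these, a client that knows the `gs://` path but is not signed in is refused when it goes through the SDK methods; a download URL, as the answer notes, works without sign-in and should be handed out with that in mind.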