Reputation: 2558
I really need to be able to access images in my Firebase Storage dynamically by creating a URL. Something that would look like this:
https://firebasestorage.googleapis.com/v0/b/<bucket>.appspot.com/o/userImages%2F<userUID>2%2F<imageUID>?alt=media
I know it would be possible since I managed to load the image in my browser. However, my concern is security.
I would need to set the rule allow read: if true; for this to work.
If someone with bad intentions wanted to see users' images, would they be able to see all the images in my bucket or would they need to guess the userUID and the imageUID?
Upvotes: 0
Views: 165
Reputation: 41
The rules don't work on the URLs. But the download URL has a token in it, which can be generated by you or is generated by the bucket, by default a UUID, which is always unique.
Upvotes: 0
Reputation: 317552
What you're asking isn't possible without custom code. Direct download URLs are not affected by Firebase security rules at all.
If you want to limit access to direct download URLs of any kind, you will need some sort of custom backend service that checks the end user's permission before delivering the content. This means you will have to create your own endpoint that serves the content of the file in Storage.
Upvotes: 1
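A sketch of the custom endpoint the answer above describes, added here as an example (it is not code from either answer or from Firebase). It assumes the `userImages/<userUID>/<imageUID>` layout from the question and an owner-only read policy; `verifyIdToken` and `openReadStream` are hypothetical injected functions standing in for an ID-token verifier and a Storage read stream.

```javascript
// Added example: owner-only image endpoint. verifyIdToken and openReadStream
// are injected (hypothetical names) so the sketch runs offline; in a real
// deployment they would be backed by a server-side SDK (assumption).
const OBJECT_RE = /^userImages\/([A-Za-z0-9_-]{1,128})\/([A-Za-z0-9_-]{1,128})$/;

// Pure decision: may the holder of `claims` read `objectPath`?
function decideAccess(claims, objectPath) {
  if (!claims || typeof claims.uid !== 'string') return { status: 401 };
  const m = OBJECT_RE.exec(String(objectPath));
  if (!m) return { status: 400 };                  // rejects "..", extra segments, odd characters
  if (m[1] !== claims.uid) return { status: 403 }; // assumed policy: only the owner may read
  return { status: 200, object: m[0] };
}

// Node http-style handler factory.
function makeImageHandler({ verifyIdToken, openReadStream }) {
  return async function handler(req, res) {
    const auth = req.headers.authorization || '';
    const idToken = auth.startsWith('Bearer ') ? auth.slice(7) : null;
    let claims = null;
    try {
      if (idToken) claims = await verifyIdToken(idToken);
    } catch (_) {
      claims = null; // invalid or expired token is treated as unauthenticated
    }
    const url = new URL(req.url, 'http://localhost');
    const verdict = decideAccess(claims, url.searchParams.get('object'));
    if (verdict.status !== 200) {
      res.writeHead(verdict.status, { 'Cache-Control': 'no-store' });
      return res.end();
    }
    // Never hand the client a storage URL; stream the bytes through this endpoint.
    res.writeHead(200, { 'Content-Type': 'application/octet-stream', 'Cache-Control': 'private, no-store' });
    openReadStream(verdict.object).pipe(res);
  };
}
```

With an endpoint like this in front of the bucket, the Storage rule can stay closed to clients, since the backend reads the object with its own credentials.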