ImNeos
Reputation: 567
Firebase Storage Rules - access granted doesn't match rules
Here is my rules :
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{country}/{type}/{allPaths=**} {
allow read, write;
}
}
}
For some reason I can write and read in this path : child(Test).child("Image.jpg") but it shouldn't be. I should only be able to write and read in this path child(Test).child(Test2).child("Image.jpg")
Test and Test2 are both variables.
Am I missing something?
Upvotes: 2
Views: 117
Answers (1)
Doug Stevenson
Reputation: 317467
It's working as I would expect. In security rules version 2, recursive wildcards (allPaths=**) match 0 or more path segments. So, your rule is matching country=Test and type=Image.jpg with nothing matched for allPaths.
If you want only two path segments, you'll have to get rid of the allPaths wildcard entirely. Or, consider calling out specific top-level path components instead of wildcarding everything.
Upvotes: 1
Related Questions
- Firebase Storage Rules strange behavior
- Firebase Storage read security rules don't seem to be having any effect
- Firebase Storage: User not permitted to access object despite public rules
- Firestore Security Rule denying read/write on firebase-storage
- Firebase storage rules for bucket not allowing access
- Firebase storage rules "unauthorized"
- Firebase Storage security rule error- User does not have permission
- Cannot access firebase storage rules
- Firebase storage security rules not working
- Firebase Storage security read rule ignored