Reputation: 2339
Firebase storage security rules not working for folder
I have the following rule in my Firebase Storage. But still, I am able to access the images when I have the link that starts with "https://firebasestorage.googleapis.com/", even when I am not authorized/authenticated. I have a folder called toyCarImages and I want to allow writes from the public and reads from only authorized accounts
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
// allow read, write: if request.auth == null;
allow read: if request.auth != null;
allow write: if request.resource.size < 5 * 1024 * 1024
&& request.resource.contentType.matches('image/.*');
}
}
}
How can I fix this issue? I am using getDownloadUrl() method in my application. How secure is it when using getDownloadUrl()?
Thanks in advance
Upvotes: 0
Views: 179
Answers (1)
Reputation: 598728
A download URL gives public read-only access to the file to anyone who has that URL. Access to a file through a download URL is not secured by the rules of your storage bucket.
If you want to block a certain download URL, your only option is to revoke that URL from the Firebase console.
Upvotes: 2
Related Questions
- Firebase storage rules for writing at specific path not considered
- Firebase Storage rule different for a specific folder
- Security rules : FirebaseError: Missing or insufficient permissions
- why am i not able to write data to firebase after i updated security rules
- Firestore Security Rules Being Rejected
- Firestore Security Rule denying read/write on firebase-storage
- Cant get Firebase Storage security rules to refuse access to a file
- Firebase Storage security rule error- User does not have permission
- Firebase storage security rules not working
- Firebase private rule not working for storage