firebase storage bucket and Fastly CDN integration

Question

In order for me to get Fastly working with firebase storage I had to add the following permissions on each image and the storage bucket: Entity: User, Name: AllUsers, Access: Reader. Is there a way to avoid this tedious and unscalable method, since its all user uploaded media?

My firebase storage security looks like the following:

service firebase.storage {
  match /b/myapp.appspot.com/o {
match /proUsers/{userId}/{allPaths=**} {
      allow read, write: if request.auth.uid == userId || request.resource.size < 2 * 1024 * 1024 || request.resource.contentType.matches('image/png') || request.resource.contentType.matches('image/jpeg'); 
    }
  }
}

the error I receive on fastly is that: Anonymous users does not have storage.objects.list access to bucket and if I try to access image directly I get the error: Anonymous users does not have storage.objects.get access to object

Where do I allow for anonymous users to have read capabilities? I assumed setting allow read did precisely this.

score 0 · Answer 1 · answered Jan 23 '18 at 22:49

To allow anonymous users to read from your database (but not write) you can change your rules to this:

service firebase.storage {
  match /b/myapp.appspot.com/o {
match /proUsers/{userId}/{allPaths=**} {
      allow write: if request.auth.uid == userId || request.resource.size < 2 * 1024 * 1024 || request.resource.contentType.matches('image/png') || request.resource.contentType.matches('image/jpeg');
      allow read;
    }
  }
}

firebase storage bucket and Fastly CDN integration

1 Answers1