0

According to these answers The following should allow red anyone access and write authorized user:

rules_version = '2';
service firebase.storage {
  match /b/example-bda7b.appspot.com/o {
    match /{allPaths=**} {
      allow read;
      allow write: if request.auth != null;
    }
  }
}

bucket name is: example-bda7b.appspot.com/o

However when I go to the uri: 

http://storage.googleapis.com/example-bda7b.appspot.com/images/someone-Lopez.jpg

I get an error:

<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>
Anonymous caller does not have storage.objects.get access to example-bda7b.appspot.com/images/Aaliyah-Lopez.jpg.
</Details>
</Error>

Any idea why?

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
FabricioG
  • 3,107
  • 6
  • 35
  • 74

1 Answers1

2

Security rules only control access to objects storage buckets when going through web and mobile clients using the Firebase SDKs for those platforms (e.g. Android, iOS, web, Unity). It doesn't have any effect on access via URLs in the domain "storage.googleapis.com".

Even though Cloud Storage is a Google Cloud product, Firebase security rules are a concept unique to Firebase. So you can expect that they only work with the Firebase entrypoints into Cloud Storage. Please read this article to better understand the relationship between Firebase and Google Cloud.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • Ah ok I got it, that's how I was going to access it, I was just assuming I could test it form a direct hit. Thank you! – FabricioG Feb 09 '20 at 05:22
  • I posted another question but maybe you could point me in the right direction. How can I use the storage direct domain? Do I have to run getdownloadUrl in firebase again even thou I have the full path? https://stackoverflow.com/questions/60134010/how-to-display-firebase-storage-img/60134028#60134028 – FabricioG Feb 09 '20 at 06:27