Cloud Storage - Disabled Public Access Prevention, but Failed
Okay, I was using Flutter and Firebase to upload data into Cloud Storage. I gained the downloadURL which can be accessible on web if people know the URL. I had enabled Public Access Prevention in Google Cloud Storage Console based on this doc and chose Access Control Uniform for this on doc.
I also had added Security Rule in Firebase Cloud Storage, so only Users with certain custom token can use it. But, it seems useless as everyone can get its downloaded URL. My question is why is that I still able to access the file if I am using the same URL which was I stored in Firestore? You can test it on this url.
Can hacker get the download URL I downloaded from Firestore? Is there a secure way to download song from Firebase Cloud Storage so hacker won't get its URL?
Thank you for helping me out.
Updated v2: I just found out that current audio file has its own AuthenticatedUrl as shown on this picture below. How can I get access to this url?
Updated v1:
I think I haven't activated Firebase App Check. Does this feature have ability to prevent it from being accessed publicly or maybe there is other things that I have to do to be able to prevent it being accessed publicly, beside all ways I described above???
Security rules only check if a user can get the download URL and do not restrict anyone from using it. You can use the getData() method instead. It doesn't return any URL and downloads the files directly and is controlled by security rules. So a user must be authenticated to fetch them.
- Connecting blocs through domain layer: How to listen to one stream from multiple blocs?
- How to hide Android StatusBar in Flutter
- CLIENT_ID, REVERSED_CLIENT_ID and ANDROID_CLIENT_ID missing from GoogleService-Info.plist with Firebase on IOS
- Building glassmorphic bottom navigation bar in flutter
- Flutter: PlatformException when trying to get Google Sign-In access token
- uses-sdk:minSdkVersion 16 cannot be smaller than version 19 declared in library [:cloud_firestore]
- flutter app is crashing the moment it launches
- How to fill a Flutter Floating Action Button with an image?
- How to solve OS Error: Permission denied, errno = 13 in flutter
- I don't know how to mock Riverpod's Provider with mockito
- API internal error 500 in app and working fine in the server
- How to format input currency (from right to left) on a TextField in Flutter?
- Flutter JSON Serialization - Not generating *.g.dart files
- Divide a Row into two equal halves in Flutter
- Integrate a Flutter app in to another Flutter app
- Flutter: include of non-modular header inside framework module 'firebase_core.FLTFirebasePlugin'
- Flutter package easy_localization plurals not working as expected
- Flutter: How to show log output in console and automatically store it?
- Flutter App hangs at build: Loading a Json Asset and Using Riverpod
- Don't put any logic in createState after installing flutter_lints in Flutter
- How to create a blur with a linear gradient in Flutter
- How to change language of Show date picker in flutter
- How do I replace `serviceWorkerVersion` with `{{flutter_service_worker_version}}` template token?
- Xcode 14: Command PhaseScriptExecution failed with a nonzero exit code
- Unable to load standard library for target 'arm64-apple-ios10.0'
- How can I refactor the functions in my Flutter StatefulWidget?
- Could not create an instance of type com.android.build.api.variant.impl.LibraryVariantBuilderImpl. [Flutter]
- Web-like footer in Flutter
- How to center the title of an appbar
- How to Pick files and Images for upload with flutter web