Firebase Storage Safety
This image link that is written as CH-1 E W F NI am confused whether firebase storage is safe as I was building notes app for my institution and I secured my storage to allow only read for authenticated users. Despite doing this I noticed that there was a link when I opened that link on incognito so I was able to view my file how??? Incognito, I was not signed in...
I followed a link given in storage (firebase) of a file that I had uploaded and I was surprised when I was able to access it in incognito. I had also set up rules denied clearly for users who were not authenticated.
My guess is that you've found a so-called download URL, which is a URL that provides public, read-only access to the file. So this URL (intentionally) bypasses the security rules you set.
If you uploaded the file through the Firebase console, such a download URL is auto-generated. You can revoke it from the Firebase console too by clicking the Revoke link next to the Access token label for the file.
If you're uploading files through the API, no automatic download URL is generated for the file. In that case it is important that you don't generate a download URL yourself from your code anywhere (by calling an API getDownloadURL).
- facebookAuthCredential.idToken is null in Flutter
- sendPasswordResetEmail is sending email even if the user does not exist
- how to automatically deploy to firebase on commit to main branch?
- Framework 'FirebaseFirestoreInternal' not found after installing @react-native-firebase/firestore?
- Sending data with push notification to Android with PHP
- Firebase doesn't return data after applying orderBy function
- Firebase Firestore getting data from a nested collection in jetpack compose
- How to upload dsyms files which developed with Flutter?
- Same package name for iOS and Android apps in Firebase
- `firebase deploy` error "Project has no namespace"
- Where can in install the Firebase App Tester app?
- Send push notification to Android device with PHP
- Firebase Realtime Database Requests Timing Out on Vercel Deployment But Working Locally
- Database structure when creating a map app
- Notion API - Notion database model is also a block?
- Android - Firebase realtime database not updating when app in background
- Firebase token error TOO_MANY_REGISTRATIONS
- How can I add a "I accept the terms & privacy policy" checkbox to Google Firebase Authentication UI?
- Flutter MacOS : Additional implementation for sign in with google
- Billing for a Firebase Storage rule that access Firestore
- How to avoid Blur image capture in firebase ML Kit’s Face Detection API
- Firebase error with CORS when running on localhost
- Using one signal for two observables that resolve at different times in Angular
- How To Use Event Arc Locally For Cloud Run?
- "Firebase Hosting Setup Complete" after deploy
- Genkit using retriever context and tools causes error
- Detect whether firebase app is hosted by emulator or in production
- API key not found. Check that com.google.android.geo.API_KEY Error in expo development build
- Firebase error: Function failed on loading user code (node.js)
- Algolia Search Firebase Extension not tracking firestore database collection after install