'Firebase Security Rules Storage from specific web url
I want to set the security rules of the storage to be that only data that send from my web (specific web url) can be stored. Otherwise no one can write and read.
this is my code:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if true;
}
}
}
but this allows any one to store data. How can I restrict this to my url?
Solution 1:[1]
In addition to Frank's reply. You can use Firebase authentication with anonymous user, so you can create one transparently when a user access your web site and secure the storage with it.
Solution 2:[2]
There is no way to restrict what domains people can write from in security rules (as that can be quite easily spoofed).
To ensure all access to your files is authorized, implement Firebase Authentication, and then write rules that reflect what your (signed in) users are allowed to do. See the Firebase Storage documentation on user-based security for more on this.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | joshpetit |
Solution 2 | Frank van Puffelen |