I am trying to download images from Firebase storage but I am getting errors.
E/StorageUtil: error getting token java.util.concurrent.ExecutionException: com.google.android.gms.internal.zzanu: Please sign in before trying to get a token.
W/NetworkRequest: no auth token for request
However, I have my rules set up like this:
service firebase.storage {
match /b/<myappnameredacted>.appspot.com/o {
match /{allPaths=**} {
allow read, write;
}
}
}
Your rules are not like in the Firebase Storage Security Rules Documentation.
For make all your files public (for anyone), use :
// Anyone can read or write to the bucket, even non-users of your app.
// Because it is shared with Google App Engine, this will also make
// files uploaded via Google App Engine public.
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write;
}
}
}
For make all your files readable (for anyone), use :
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
}
}
}
You can also make only your image readable / writable, see the Firebase Storage Security Rules Documentation.
Related
I am trying to get images from firebase firestore, while trying to get image download url there is this exception :
W/StorageUtil(10206): no auth token for request
(similar questions with this error not solve the problem)
Although my security rules allow read and write I getting this error still.
Any ideas what is the problem with this?
Code for getting image url :
static Future<dynamic> loadImage(BuildContext context, String image) async {
return await FirebaseStorage.instance.ref().child(image).getDownloadURL();
}
Calling this loadImage function :
Future<Widget> getImage(BuildContext context, String imgName) async {
Image image;
await FireStorageService.loadImage(context, imgName).then((value) {
print(value);
image = Image.network(value.toString(), fit: BoxFit.scaleDown);
return image;
});
}
Calling this getImage function :
child: FutureBuilder(
future: getImage(context, "/images/test1.jpg"),
...
)
My firebase storage rules :
rules_version = '2';
service firebase.storage {
match /images/{imageId} {
allow read,write;
}
}
Storage Rules ss:
My firebase store currently :
Navigate to Firebase console
In Sidebar under Develop open Storage
Open Rules tab replace the rule on your console with the rule below:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write
}
}
}
And Publish
Done
(2022): Recently, I solved with following the Firestore basic security rules (for authenticated user):
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
You can see this in their website: https://firebase.google.com/docs/rules/basics?authuser=1#cloud-storage_1
I do not suggest that using allow read, write; directly. If your application has a authentication, then you need to check if auth is null or not.
I fixed it by changing the rules.
Go to Firebase project>Storage>Rules.
By default, you are not allowed to upload on Firebase so you have to change that.
Default rules
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if false;
}
}
}
Change allow read, write: if false; to allow read, write;
Go to Project Settings -> App Check -> Products
Change the Storage from Enforce -> Unenforced
This works for me by changing the rules in firebase.
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write
}
}
}
I am new in firebase, so the question that i want to ask is how to set firebase security rules as public. Anyone know the code?
Here is the security rules of my firebase now:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
allow write: if request.auth != null;
}
}
}
Your question wasn't entirely clear on what "set firebase security rules as public" specifically means. Your rules already allow full public read access to your default storage bucket. If you want to also allow full public write access, simply remove the condition from the "allow write" line.
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
allow write;
}
}
}
This is generally a bad idea, as it allows anyone with an internet connection to fully modify and delete anything and everything in your storage bucket. If you want to learn how to correctly use security rules, you should start with the documentation.
I'm using Firebase Firestore to collect user information in my current Android app. But I didn't quite get the Firestore rules. I write the rule like this:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
But I want to user access the database even there's no current user because when the user sign up I'm checking the database if there's a current phone number in the database if not user can sign up this phone number. Thank you
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
Not recommended: Read and write access to all users.
Have a look at Fix insecure rules documentation from firebase for more details.
I have a cloud function that responds to firestore events.
I want this cloud function to manipulate files on the storage of the same project.
const file = admin.storage().bucket().file('dataPackages/logos/pizza.png');
console.log('file exists', file.exists());
The project has anonymous authentication enabled, and the rules for the storage are
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
// allow read, write: if request.auth!=null;
allow read, write: if true;
}
}
}
For some reason I get this error
ApiError: shakescratchpad#appspot.gserviceaccount.com does not have storage.objects.get access to shakescratchpad.appspot.com/dataPackages/logos/pizza.png
I have a firebase storage download url, like
https://firebasestorage.googleapis.com/v0/b/siren-5eee7.appspot.com/o/profile%2FC6jNlR0F4cZBPv7wF0REWUNVor33?alt=media&token=63a9130e-2ba6-4f38-ac3f-2231c54a1043
How can I access this url without token parameter?
For example, If I access above url without token there will be 403 error showing permisson denied.
My firebase storage secure rule is below :
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
This file located in /etc file. How can I do it?
Try changing rule:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
allow write: if request.auth != null;
}
}
}
In case you need the rule to allow accessing only the images without a token you have to do the following:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read: if request.auth!=null || resource.contentType.matches('image/.*');
allow write: if request.auth!=null;
}
}
}
From what I understand, you're trying to make the whole bucket publicly available. Using Firebase access rules might not be best, you might want to make the bucket read access available via Google Cloud's Storage layer.
To do that, one of the easiest way is using the Google Cloud Console Storage.
Select the bucket, click the bucket to configure and open the permissions tab.
Since this is Firebase managed bucket, it would have what Google called fine-grained access control. Don't worry, adding public access is quite simple.
Click Add members button, then, on the sidebar, add in allUser as new member, and give it the role of Storage > Storage Object Viewer. You can see more detail in the Storage Docs.
This will make the bucket publicly viewable via <bucketname>.storage.googleapis.com.
If you created extra bucket in Firebase that match a domain you own and verified in Google Search Console, you can create a bucket of named after your custom domain and have it publicly accessible using a CNAME of the custom domain that points to c.storage.googleapis.com. You can see more detail at Storage Endpoints Docs, Google Cloud's docs explain it much better than I can. Hope this helps!
If you need to access to certain url (image) without token parameter use the rule below:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /images/users/default.png {
allow read;
}
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
If you need to access to certain folder without token parameter use the rule below:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /images/{wildcardpath=**} {
allow read;
}
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Note: Change the url or folder to yours