问题
When I simple "took" a images on firebase console it create me automatically a download url like https://firebasestorage.googleapis.com/XXX/YYY/XXX/name.jpg?alt=media&token=.
I wanna have my file super-secured, how I can remove this download url or revoke this token?
回答1:
The Firebase console provides a "revoke" option next to the download URL which can be used for this (look under the "File Location" tab). You should use Firebase rules to properly secure your assets, if object-level security is important to you: https://firebase.google.com/docs/storage/security/
回答2:
There's no way you can restrict that url (not even through security rules). It is always public but note that it is unguessable. There is also a revoke option through Firebase console just in case the URL leaks.
回答3:
As pointed by others you don't need to be concerned about this URL as in practice is very hard to guess. However you should not share it or use it as entry point to the application. Instead you should use the Signed URLs support provided by Google Cloud.
来源:https://stackoverflow.com/questions/48626687/firebase-revoke-token-on-download-url