问题
I want to set the security rules of the storage to be that only data that send from my web (specific web url) can be stored. Otherwise no one can write and read.
this is my code:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if true;
}
}
}
but this allows any one to store data. How can I restrict this to my url?
回答1:
In addition to Frank's reply. You can use Firebase authentication with anonymous user, so you can create one transparently when a user access your web site and secure the storage with it.
回答2:
There is no way to restrict what domains people can write from in security rules (as that can be quite easily spoofed).
To ensure all access to your files is authorized, implement Firebase Authentication, and then write rules that reflect what your (signed in) users are allowed to do. See the Firebase Storage documentation on user-based security for more on this.
来源:https://stackoverflow.com/questions/52869566/firebase-security-rules-storage-from-specific-web-url