问题
I am building the application which uses the Fiberbase Storage, I do not want the user to log in or signup, just allow them to upload files through my website only.
I don't want others to copy the Firebase config key and use in their website to upload a file on my firebase account, so I want to set up some rules which will restrict access over the certain domain
回答1:
There is no way to check for the domain that uploads come from in the Firebase security rules for Cloud Storage. You will have to use another approach to ensure only authorized users can upload data.
If the requirement for it to come from a certain domain is a must for your app, you'll have to set up an intermediary server (or Cloud Function) that receives the upload, validate that it comes from the domain you require, and then puts the file in the storage bucket.
来源:https://stackoverflow.com/questions/63938423/firebase-security-rules-for-domain-specific