0

I've read the documentation and I just don't get the fundamental concept about how to access files.

I want to use Firebase Storage in a web app. I have pre-uploaded images that should be accessible to the public. I see that when you upload from the Firebase Console, you get a link to that asset. I see that the token is in the URL and that you can revoke this token, (See screenshot)

So... is that url with the token supposed to be secret? It would be bad to use that link in public html, right?

If so, how can I generate a public link that I could use in an <img src="link-here.com" /> ?

firebase console image upload screenshot

Improve this question

1 Answer 1

Reset to default
1

is that url with the token supposed to be secret?

It's a secret that gets shared with everyone who should be able to access the object.

It would be bad to use that link in public html, right?

Only if that would expose access to those who should not be able to download the object.

how can I generate a public link that I could use in an ?

Follow the instructions in the documentation for downloading data via URL. You will use getDownloadURL() to asynchronously get a URL that has the token embedded in it.

Improve this answer
2
  • Thank you! Just a follow up about security rules. I'm guessing the security rules are there to manage which account(s) can use the getDownURL() function for specific objects? And as you stated... if you just list the link publicly, then the security rules won't matter.
    – Marcus Gallegos
    Commented Aug 31, 2020 at 19:26
  • Correct, the download URL bypasses the security rules. But to generate a download URL, you need to be able to read the object.
    – Frank van Puffelen
    Commented Aug 31, 2020 at 19:59

Not the answer you're looking for? Browse other questions tagged or ask your own question.