I have created a public bucket using Firebase storage. The rules allow anyone to read the files. The issue is that with the public link, the user can use the partial URL to list everything in the directory. This can lead to IDOR vulnerability.
Any idea how to keep the files public but stop listing of directory items in a Firestore bucket?