I'm faced to an issue with firebase cloud storage rules. In fact I want to restrict access to unlogged user to my files in my storage. I wrote a basic rule that shloud not give access to the unlogged user but that doesn't works.
My rules in cloud storage on firebase console:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null && request.auth.uid != ''
}
}
}
Use case: If I open a window in incognito mode, the file can be open by entering the download URL link provided by firebase storage (nevertheless it should not be the case with that rule).
Ps: As I can see on this related post and this one, the url link is a public ressource (not editable) and the token provided on the URL is secure, so no one on the net can access to my cloud storage ? But in that case how to authorized access to certain file to certain user ? Example: I have files from differents companies, I don't want a person from company A has access to a file from company B. How to control access to that file (download URL link with his token) Thanks