Home > Software engineering >  Why my firebase storage security rules are not enforcing and letting users upload images over the li
Why my firebase storage security rules are not enforcing and letting users upload images over the li

Time:02-10

I have setup my storage security rules to only allow authenticated users to post images that are less than 3mb with the following rule:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
          // Only allow uploads of any image file that's less than 3MB
      allow write: if request.resource.size < 3 * 1024 * 1024
                   && request.resource.contentType.matches('image/.*');
      allow read, write: if request.auth != null;
    }
  }
}

However, I just tested from my client and I was able to upload a picture that is 14mb. I have given plenty of time for security rules to set.

How did I bypassed this rule?

CodePudding user response:

Please see enter image description here

As you can see, while your file size limit rule is working fine, the broader allow write: if request.auth != null; rule is still letting your request go through. This is what the other answers pointed out and what is included in the documentation:

If any of the “allow” rules for the method are satisfied, the request is allowed. Additionally, if a broader rule grants access, rules grant access and ignore any more granular rules that might limit access.

Page link:https//www.codepudding.com/Softwareengineering/295092.html

Prev:Infinte loop in UseEffect retrieval from Firestore
Next:Flutter - File() constructor "The argument type 'String' can't be assigned to th
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding