Firebase Tutorial
- Home
- Introduction
- Project Setup
- Authentication (Email/Pass)
- Social Authentication
- Cloud Firestore (Basics)
- Firestore Queries
- Real-time Updates
- Firestore Security Rules
- Cloud Storage
- Storage Security Rules
- Cloud Functions (Intro)
- Triggering Functions
- Firebase Hosting
- Firebase Analytics
- Crashlytics & Performance
- Remote Config
- App Check
- Offline Persistence
- Firebase with Next.js
- Best Practices
Storage Security Rules
Similar to Firestore, Cloud Storage uses security rules to manage access to your files.
1. Basic Structure
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /<path>/{allPaths=**} {
allow read, write: if <condition>;
}
}
}2. Common Scenarios
Public Read (e.g., Public Assets)
allow read: if true;Authenticated Users Only
allow read, write: if request.auth != null;Limit File Size & Type
Check request.resource to validate incoming files.
match /images/{imageId} {
allow write: if request.resource.size < 5 * 1024 * 1024 // 5MB
&& request.resource.contentType.matches('image/.*');
}Note: Storage rules can also reference Firestore data to make complex access decisions (e.g., checking if a user is an admin in a Firestore collection).
