Firebase Storage uses Google Cloud Platform for storage. GCP allows the option "Share publicly" on files to be able to view such files in a browser.
Here is the GCP documentation on this topic.
Here you can see the option available via the GUI on the GCP console.
Is it possible to enable the public option when uploading a file via Firebase?
Edit: I've enabled public reading on the whole bucket although it's not ideal.
gsutil defacl ch -u allUsers:R gs://<bucket>
Firebase Storage uses Google Cloud Platform for storage. GCP allows the option "Share publicly" on files to be able to view such files in a browser.
Here is the GCP documentation on this topic.
Here you can see the option available via the GUI on the GCP console.
Is it possible to enable the public option when uploading a file via Firebase?
Edit: I've enabled public reading on the whole bucket although it's not ideal.
gsutil defacl ch -u allUsers:R gs://<bucket>
1 Answer
Reset to default 7With Firebase Storage, you're given two URLs that you can use to represent files:
// "Private" internal URL, only accessible through Firebase Storage API
// This is protected by Firebase Storage Security Rules & Firebase Auth
gs://bucket/object
// "Public" unguessable URL, accessible by anyone with the link
// This is secured because that token is *very* hard for someone to guess
https://firebasestorage.googleapis./v0/bucket/object?alt=media&token=<token>
The second option allows you to share this public but unguessable URL with trusted individuals, and allows them to access content without authentication to Firebase or using your app--think sharing family photos with Google Photos. Likely this behavior will be good enough, unless you desire public sharing with clean URLs.
The third option, as you mention, involves going directly to the Google Cloud Storage console and making files publicly available with a clean URL, which isn't available via the Firebase Storage client. This would add a third URL:
// "Public" clean URL, accessible and guessable
// Not secure, typically used for public, static content
https://storage.googleapis./v0/bucket/object
Generally speaking, unless you want people to know and guess your content (hosting static content, website files, etc.), I would not share publicly via GCS, and almost definitely wouldn't go so far as to set the default ACL to always be public (what happens if you add a new feature and no longer want this behavior, you may forget to turn this back off again...).