1

I'm trying to test a program on a local server that references a file in Firebase storage. Apparently I'm not allowed to do download files from my storage URL from servers other than Firebase's.

XMLHttpRequest cannot load https://firebasestorage.googleapis.com/v0/b/xyz123.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. :8080/#/data:1 Uncaught (in promise) UnexpectedResponseException

How can I allow my localhost to download files from Firebase storage? I'm guessing that there's some way to allow this in the rules? Here's what my rules look like now:

service firebase.storage {
  match /b/xyz.appspot.com/o {  
    match /{allPaths=**} {
      allow read, write
    }
  }
}
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
David J.
  • 1,753
  • 13
  • 47
  • 96
  • Just realized this was already asked: http://stackoverflow.com/questions/37760695/firebase-storage-and-access-control-allow-origin?rq=1 – David J. May 15 '17 at 07:24
  • 3
    Possible duplicate of [Firebase Storage and Access-Control-Allow-Origin](http://stackoverflow.com/questions/37760695/firebase-storage-and-access-control-allow-origin) – Bradley Mackey May 15 '17 at 07:26

1 Answers1

0

Storage Security Rules must first specify the service (in our case firebase.storage), and the Cloud Storage bucket (via match /b/{bucket}/o) which rules are evaluated against. The default rules require Firebase Authentication, but here are some examples of other common rules with different access 

// Anyone can read or write to the bucket, even non-users of your app.
// Because it is shared with Google App Engine, this will also make
// files uploaded via GAE public.
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write;
    }
  }
}
rahlrokks
  • 451
  • 1
  • 4
  • 12