Firebase Memory Tokens Overview

Question

Firebase Memory Tokens Overview

I am trying to understand how tokens work in Firebase Storage.

Whenever my web application uploads an image to FS, it adds a token to its public URL. The problem is that whenever you upload the same image file to another part of the web application, it seems that you will not get a different file and a different token for the already downloaded url file, which makes a 403 error for the previous registered image display .

Is there any way to solve this problem?

Example:

storageRef.put(picture.jpg); uploadTask.snapshot.downloadURL // returns something like https://firebasestorage.googleapis.com/v0/b/<your-app>/o/picture.jpg?alt=media&token=09cb2927-4706-4e36-95ae-2515c68b0d6e

This url is then displayed somewhere inside img src.

 <img src="https://firebasestorage.googleapis.com/v0/b/<your-app>/o/picture.jpg?alt=media&token=09cb2927-4706-4e36-95ae-2515c68b0d6e">

If the user repeats this process and uploads the same picture.jpg file in another section of the application, instead of receiving a new copy in Firebase Storage, the file is overwritten with a URL ending with a new token; let's say 12345.

So:

  <img src="https://...picture.jpg?alt=media&token=12345"> // New upload renders fine <img src="https://...picture.jpg?alt=media&token=09cb2927-4706..."> // But old upload breaks because of wrong url

+7

javascript firebase firebase-storage

cerealex Sep 2 '16 at 13:35

source share

2 answers

If you upload files to the makePublic() function, you need to call makePublic() on the referenced object to make it accessible without a valid token.

0

haxpanel May 01 '19 at 9:15

source share

Benjamin wulfe · Accepted Answer · 2016-09-02T16:31:59+0000

Tokens are unique to a specific download version. If you overwrite the file with new content, a new token will be generated with a new unrecognized URL.

In other words, tokens are unique to a specific blob - they are not unique to each storage location. We did this as an increased security measure so that developers and end users do not accidentally disclose data that they did not plan.

You can, however, translate the repository location ("gs: //mybucket/myfile.png") into the download URL using our js SDK. That way you can pass gs uri if you want and translate it to the full url as soon as you want to put it in the image.

See: https://firebase.google.com/docs/reference/js/firebase.storage.Reference.html#getDownloadURL

Firebase Memory Tokens Overview

More articles: