1

I'm trying to test a program on a local server that references a file in Firebase storage. Apparently I'm not allowed to do download files from my storage URL from servers other than Firebase's.

XMLHttpRequest cannot load https://firebasestorage.googleapis.com/v0/b/xyz123.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. :8080/#/data:1 Uncaught (in promise) UnexpectedResponseException

How can I allow my localhost to download files from Firebase storage? I'm guessing that there's some way to allow this in the rules? Here's what my rules look like now:

service firebase.storage {
  match /b/xyz.appspot.com/o {  
    match /{allPaths=**} {
      allow read, write
    }
  }
}
sideshowbarker
  • 72,859
  • 23
  • 167
  • 174
David J.
  • 1,555
  • 11
  • 40
  • 84
  • Just realized this was already asked: http://stackoverflow.com/questions/37760695/firebase-storage-and-access-control-allow-origin?rq=1 – David J. May 15 '17 at 07:24
  • 3
    Possible duplicate of [Firebase Storage and Access-Control-Allow-Origin](http://stackoverflow.com/questions/37760695/firebase-storage-and-access-control-allow-origin) – Bradley Mackey May 15 '17 at 07:26

1 Answers1

0

Storage Security Rules must first specify the service (in our case firebase.storage), and the Cloud Storage bucket (via match /b/{bucket}/o) which rules are evaluated against. The default rules require Firebase Authentication, but here are some examples of other common rules with different access 

// Anyone can read or write to the bucket, even non-users of your app.
// Because it is shared with Google App Engine, this will also make
// files uploaded via GAE public.
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write;
    }
  }
}
rahlrokks
  • 371
  • 1
  • 2
  • 12