I have a cloud function which will generate signed url for the uploaded file into the firebase storage and was able to generate the signed url:
const result = await Promise.all([
storageRef.getSignedUrl({
action: "read",
expires
}),
storageRef.getSignedUrl({
action: "write",
expires
})
]);
And when I tried to access the file with write access from that url via browser, below is the error message i was getting:
<Error>
<script/>
<Code>SignatureDoesNotMatch</Code>
<Message>Access denied.</Message>
<Details>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Details>
<StringToSign>GET 1709282976 /mystorage.appspot.com/files/-NrBwOCgu226c7DtrgPh/7zEiXfTaen25qDzIpuy4.pdf</StringToSign>
</Error>
The read access link/token works fine, but the write access toekn does not. Is there a way to:
- Solve this write access token
- Create a signed url with read AND Write access in one token?
My firebase storage rules are already public so I dont know what the issue is.
Firstly, Firebase security rules have no effect on signed URLs. A signed URL is a GCP concept only and Firebase does not apply.
I don't see that there's anything wrong with the URL using for writing. If you load it into a browser, that will be a read action, not a write action. I would not expect a URL creating for writing would work for reading.
There is nothing in the documentation that suggests a single signed URL can be used for multiple types of actions. You must choose which action to allow for that URL: "read", "write", "delete", or "resumable". So, if you want to perform multiple actions, you will need a URL for each action.