Firebase storage 403 on delete #3279

Open
@robindijkhof

Version info

Angular: 14.1.0

Firebase: 9.6.10

AngularFire: 7.4.0

Other (e.g. Ionic/Cordova, Node, browser, operating system):
Mac
node 16.16.0
Chrome latest

How to reproduce these conditions

Failing test unit, Stackblitz demonstrating the problem

Steps to set up and reproduce

Sample data and security rules

private _getImagePath(): Observable<string> {
  return of('debug/users/%USERID%/images/exportimage'); //For demo purpose
}

// Succeeds
setImage(data: Blob): Observable<any> {
  return this._getImagePath().pipe(
    switchMap(path => new Observable(obs => {
      // Forward both outcomes of the upload so a rejected put() is not swallowed
      this.storage.ref(path).put(data).then(x => {
        obs.next(x);
        obs.complete();
      }, err => obs.error(err));
    }))
  );
}

// Succeeds
getMetadata(): Observable<any>{
  return this._getImagePath().pipe(
    switchMap(path => this.storage.ref(path).getMetadata())
  );
}

// Succeeds
getUrl(): Observable<string>{
  return this._getImagePath().pipe(
    switchMap(path => this.storage.ref(path).getDownloadURL())
  );
}

// fails
deleteImage(){
  return this._getImagePath().pipe(
    switchMap(path => this.storage.ref(path).delete())
  );
}

I get the same result from this._storage.storage.refFromURL(url).delete()

rules:

service firebase.storage {
  match /b/admob-app-id-5092275243.appspot.com/o {
    match /debug/users/{userId}/images/exportimage {
      allow read: if request.auth.uid == userId;
      allow write: if request.auth.uid == userId && 
        request.resource.size < 1 * 1024 * 1024 && 
        request.resource.contentType.matches('image/.*');
    }

    match /release/users/{userId}/images/exportimage {
      allow read: if request.auth.uid == userId;
      allow write: if request.auth.uid == userId && 
        request.resource.size < 1 * 1024 * 1024 && 
        request.resource.contentType.matches('image/.*');
    }
  }
}

Debug output

** Errors in the JavaScript console **
FirebaseError: Firebase Storage: User does not have permission to access 'debug/users/L7vT58BkdXQTHa6nF3hNgHVeHcq1/images/exportimage'. (storage/unauthorized)

** Output from firebase.database().enableLogging(true); **

** Screenshots **

Expected behavior

The image should be deleted

Actual behavior

403 unauthorised
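
An added example, not part of the original report or of AngularFire's code: a small JavaScript model of how the posted `allow write` condition evaluates for an upload versus a delete. It assumes, as Firebase's rules documentation describes, that `request.resource` is null on a delete and that a condition which errors is treated as a deny; `evaluate`, `postedRules`, `splitRules` and the sample requests are hypothetical names and constructed data.

```javascript
// Toy model of Cloud Storage rule evaluation (NOT the Firebase rules engine).
// Assumptions: request.resource is null on delete, and a condition that
// throws while being evaluated counts as a deny.
const MAX_BYTES = 1 * 1024 * 1024;

const isOwner = (req, userId) => req.auth !== null && req.auth.uid === userId;
const isSmallImage = (req) =>
  req.resource.size < MAX_BYTES && /^image\/.*$/.test(req.resource.contentType);

// Rules as posted: a single `write` condition covers create, update and delete.
const postedRules = {
  write: (req, userId) => isOwner(req, userId) && isSmallImage(req),
};

// Hypothetical split: uploads keep the size/type checks, delete only needs ownership.
const splitRules = {
  create: (req, userId) => isOwner(req, userId) && isSmallImage(req),
  update: (req, userId) => isOwner(req, userId) && isSmallImage(req),
  delete: (req, userId) => isOwner(req, userId),
};

function evaluate(rules, method, req, userId) {
  const condition = rules[method] || rules.write; // `write` is the catch-all
  if (!condition) return false;                   // no matching allow: deny
  try {
    return condition(req, userId) === true;
  } catch (err) {
    return false; // e.g. reading .size of a null request.resource
  }
}

// Constructed requests against /debug/users/alice/images/exportimage
const upload = { auth: { uid: 'alice' }, resource: { size: 2048, contentType: 'image/png' } };
const bigUpload = { auth: { uid: 'alice' }, resource: { size: 5 * MAX_BYTES, contentType: 'image/png' } };
const ownDelete = { auth: { uid: 'alice' }, resource: null };
const foreignDelete = { auth: { uid: 'mallory' }, resource: null };

function runDemo() {
  return {
    postedUpload: evaluate(postedRules, 'create', upload, 'alice'),
    postedDelete: evaluate(postedRules, 'delete', ownDelete, 'alice'),
    splitDelete: evaluate(splitRules, 'delete', ownDelete, 'alice'),
    splitForeignDelete: evaluate(splitRules, 'delete', foreignDelete, 'alice'),
    splitBigUpload: evaluate(splitRules, 'create', bigUpload, 'alice'),
  };
}

console.log(runDemo());
```

In rules syntax the split corresponds to `allow create, update: if <the posted write condition>;` plus `allow delete: if request.auth.uid == userId;`, which keeps the upload limits while letting only the owner delete.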
