Enable Cloud Storage

Last Updated: 29 Jan 2021

Step 1: Install gsutil

On Windows:

  1. Install gsutil using the Cloud SDK Installer > https://dl.google.com/dl/cloudsdk/channels/rapid/GoogleCloudSDKInstaller.exe

2. Before Finishing installation, make sure that the following are selected:

  • Start Google Cloud SDK Shell

  • Run 'gcloud init'

A Google Cloud SDK Shell terminal will appear. Let it initialize and then this line will appear:

To continue, you must login. Would you like to login (Y/n)?

Press Y to Sign In.


On other Operating Systems:

1. Install gsutil, follow this guide > https://cloud.google.com/storage/docs/gsutil_install#mac


Step 2: Set cors.json

  1. Download this cors.json file:

2. Navigate to your Cloud SDK directory.

3. Paste the cors.json file at this location

4. Open Cloud SDK Shell Terminal and run this command:

gsutil cors set cors.json gs://<your-cloud-storage-bucket>


What is cors.json?

CORS (Cross-Origin Resource Sharing) can be simply defined as rules that allow or block access to specified domains.

The cors.json file that you downloaded earlier allows access to any domain:

[

{

"origin": ["*"],

"method": ["GET"],

"maxAgeSeconds": 3600

}

]

The asterisk "*" means that it will allow access to any domain. You can replace it with your own domain name and then run the gsutil cors set to apply the CORS.


Firebase Storage Rules:

These default rules mentioned above will allow to Upload or Download data only if the user is Signed In using Authentication.

Temporarily, for Testing Purposes, you can allow uploads and downloads even if user is not Authenticated using these rules given below:

rules_version = '2';

service firebase.storage {

match /b/{bucket}/o {

match /{allPaths=**} {

allow read, write;

}

}

}


For minimum Security atleast use the Default Rules to allow only Authenticated Users to get access to your data:

rules_version = '2';

service firebase.storage {

match /b/{bucket}/o {

match /{allPaths=**} {

allow read, write: if request.auth!=null;

}

}

}


The above Rules won't protect you from attackers. To protect your app, Deploy customized Security Rules for your app.
For More info see this page: #Secure Your Firebase Project .