skip to Main Content

I’m trying to add a Cloud CDN to my firebase storage bucket and I’m running into issues with the images being served by my bucket having a cache-control.

I have the following very broad firebase rule:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read: if true;
    }
  }
}

Which I expect would allow all objects in my firebase bucket to be visible. My bucket is located at gs://lookieloo-app.appspot.com. I have a file which exists at /user-videos/test1.png.

I’ve set up a Cloud CDN to point to this bucket with the following details:

enter image description here

Note that the CDN is set up to cache static content.

My load balancer seems to be functioning well:

enter image description here

and my load balancer has the following IP addresses:

enter image description here

I expect that visiting http://35.190.28.68/user-videos/test1.png would result in the image being correctly loaded but instead I see that access is denied:

enter image description here

However, I find that if I manually edit the file permissions in Google Cloud Storage to have public access

enter image description here

then the image loads from the load balancer as expected (note the URL is the same as an earlier screenshot):

enter image description here

Interestingly, if I load the file from the firebase URL at https://firebasestorage.googleapis.com/v0/b/lookieloo-app.appspot.com/o/user-videos%2Ftest1.png and inspect the network response I see that the cache-control header has a value of private

enter image description here

How can I use Firebase Storage rules to make content in a specified folder publicly accessible such that it can be served by Cloud CDN?

2

Answers


  1. Chosen as BEST ANSWER

    The solution I found is to make two separate buckets - one for storing private objects and one for storing public objects. I then pointed my Cloud CDN load balancer to the bucket for public objects and marked that bucket as publicly accessible.

    Unfortunately, there's no way to mark specific objects as publicly accessible using the firebase storage rules system.


  2. Explained that Cloud CDN will serve content closer to users, which accelerates the websites and applications but it won’t bypass the permission in Google Cloud Storage. In order for Caching to work, make sure to Make all objects in a bucket publicly readable and it should meet the requirement for Cacheable content.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search