8
votes

I've setup firebase auth and cloud storage on my application. Whenever I try to upload a file, however, I'm getting an error I can't find any information about. The error is a 400: Bad Request with the following message

Listing objects in a bucket is disallowed for rules_version = "1". Please update storage security rules to rules_verison = "2" to use list.

I can't seem to find anything about updating security rules_version. Note, when I look at the firebase console, the upload actually successfully goes through, but the HTTP return is still the error above. What does it mean by listing objects, and how can I update my security rules?

For more information, my upload code (in Kotlin) is

 fun uploadImage(uri: Uri, path: String): Task<Uri> {
            val storageRef = FirebaseStorage.getInstance().reference
            val storagePath = storageRef.child(path)
            return storagePath.putFile(uri).continueWithTask{ storageRef.downloadUrl }
 }

I call it with

public override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        if (requestCode in 0..2 && resultCode == Activity.RESULT_OK) {
            val cropImageUri = CropImage.getActivityResult(data).uri
            val systemTime = System.currentTimeMillis()
            val path = "$userId/$systemTime"
            //IMAGE UPLOAD HERE:
            FirebaseImageResource.uploadImage(cropImageUri, path)
                    .addOnCompleteListener {
                if (it.isSuccessful) {
                    GlideApp.with(this)
                            .load(cropImageUri)
                            .into(imageViewForPosition(requestCode)!!)
                    imageUris[requestCode] = it.result.toString()
                }
            }
        }
    }

My firebase rules are the default:

service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

I'm also successfully authing with Facebook Login

override fun onSuccess(loginResult: LoginResult) {
                val credential = FacebookAuthProvider.getCredential(loginResult.accessToken.token)
                auth.signInWithCredential(credential)
            }

(It lacks a success listener right now, but I know it's working because when I don't use it, I get an unauthorized error instead, and the file doesn't actually upload)

3
The Firebase team has created an issue on GitHub for you. Could you check in there and answer some questions about this problem? github.com/firebase/firebase-android-sdk/issues/429Doug Stevenson

3 Answers

19
votes

You need to prepend this to your Firebase Storage rules:

rules_version = '2';

An example is this:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}

I suspect that this is a case of a not-so-helpful error message.

2
votes

Just replace your upload code from

fun uploadImage(uri: Uri, path: String): Task<Uri> {
        val storageRef = FirebaseStorage.getInstance().reference
        val storagePath = storageRef.child(path)
        return storagePath.putFile(uri).continueWithTask{ storageRef.downloadUrl }} 

to

fun uploadImage(uri: Uri, path: String): Task<Uri> {
        val storageRef = FirebaseStorage.getInstance().reference
        val storagePath = storageRef.child(path)
        return storagePath.putFile(uri).continueWithTask{ storagePath.downloadUrl }}
0
votes

I solved it with the following setps

  1. Sign in Firebase console
  2. Select project
  3. Click Storage button
  4. Select Rules tab
  5. Insert top "rules_version = '2';"