Alex Alber
unread,Apr 14, 2023, 5:19:08 PM4/14/23Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Firebase Google Group
Hi! At Fuxam, we are currently using NextJS API routes to upload files to our firebase storage bucket, but the serverless functions unfortunately have a 4.5mb limit. Vercel recommends uploading files directly from the frontend, which can easily be done with presigned URLs but since firebase (correct me if I’m wrong) doesn’t offer this feature, we are a bit lost.
We have set up CORS, but our bucket rules currently still allow all operations to all paths. We do not use firebase authentication because we have implemented one with a separate service (Clerk.com ). When trying to send our own request.auth header along with our requests, we couldn’t access any files at all anymore. What would be the right way to restrict access to certain paths in our bucket in this case? Also how can we ensure that nobody can intercept and modify the request headers if they are being sent directly from the frontend? Thanks a lot for your help!