public image urls requiring token
zidkim opened this issue · 15 comments
Bug report
Describe the bug
A clear and concise description of what the bug is.
The docs state that for public buckets, we can access the assets without a token or auth header and we can do so using getPublicUrl.
- When accessing public files from storage using getPublicUrl, I get a 404 error, "Not Found".
- When copying the URL of the asset from the dashboard, I get a URL with a generated token. When that token is removed, I get "querystring should have required property 'token'".
To Reproduce
- Ensure policies for the bucket have SELECT access set to public. One way to do this is to use the auto-generated 'avatars' bucket when creating a new project. This is the bucket I was using.
- Get the URL of the asset by either going to the dashboard and selecting "Copy URL" from the side menu of the asset, or by using getPublicUrl from the JS API.
Expected behavior
Expected behavior described in docs, where accessing the public asset should not require a token, and using getPublicUrl would return the final url, ready to be stored in db.
Hi @madleo-dk,
Thanks for reporting this. I think this is more an issue with our docs than the actual behaviour itself.
Would you mind checking if the bucket has the public label next to it in the storage explorer?
If your bucket is already set to public and you're still getting this error, please reopen this issue, and I'll investigate further. I'll also make a note to update the docs to reflect this.
I am getting the issue, my bucket is public yet I keep being asked for a token.
I'm getting this error {"statusCode":"400","error":"Error","message":"headers must have required property 'authorization'"}
Same here. Bucket is public, no RLS policies on any tables, yet I have the same issue.
For anyone getting this issue, please open a support ticket here since this looks to be project specific
Has anyone solved it?
Anyone solved it?
Same error here, but figured out when it goes wrong. Basically if you create a bucket, and AFTER creation you switch it to public, it will still require the token.
If, during the creation of your bucket, you set from the start that it's a public bucket, no token will be required.
Hope it helps
This solved my issue. Guess there's a weird edge case where uploadToSignedUrl is still called after unchecking public.
Also these docs are wrong, it says the link is https://[project_id].supabase.co/storage/v1/public/[bucket]/[asset-name] when it is actually https://[project_id].supabase.co/storage/v1/object/public/[bucket]/[asset-name], i.e. the link in docs is missing the /object part of the path.
Thanks @ishan0102, that worked for me.
Even the UI returns the path with a token and not the public one without any token.
Return: /storage/v1/object/sign/file.txt?token=...
Expected: /storage/v1/object/public/file.txt
Devs, please update the docs and fix this!
Has anyone fixed it yet?
In my case the issue was with "Other policies under storage.objects" and "Policies under storage.buckets" in storage > policies.
When I set enable read access for all users to All in both of them it works.
In my case creating "New Policy" under the bucket worked:
Policy name: Public access
Target roles: Defaults to all (public)
USING expression: (bucket_id = 'bucket_name'::text)
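
Added example (not part of the thread and not Supabase's own code): a check that tells apart the three URL forms quoted above, the docs path missing /object, the signed path carrying a token, and the working public path, so that a token-bearing URL is not written to the database by mistake. The project ref abcd1234, the file names and the function names are constructed for illustration.

```javascript
// Classify a Supabase Storage URL by the path forms quoted in this thread.
// All sample values (project ref "abcd1234", file names) are constructed.
const STORAGE_PREFIX = '/storage/v1/';

function describeObject(url, kind, rest) {
  const [bucket, ...asset] = rest;
  return {
    kind,
    bucket: bucket || null,
    asset: asset.join('/'),
    hasToken: url.searchParams.has('token'),
    // Canonical public form from the thread: /storage/v1/object/public/[bucket]/[asset-name].
    // It only resolves without a token if the bucket really is public.
    publicUrl: bucket && asset.length
      ? `${url.origin}${STORAGE_PREFIX}object/public/${rest.join('/')}`
      : null,
  };
}

function classifyStorageUrl(raw) {
  const url = new URL(raw);
  if (!url.pathname.startsWith(STORAGE_PREFIX)) return { kind: 'not-storage' };
  const parts = url.pathname.slice(STORAGE_PREFIX.length).split('/').filter(Boolean);

  // Path as printed in the docs, reported above as missing "/object".
  if (parts[0] === 'public') return describeObject(url, 'docs-path-missing-object', parts.slice(1));
  if (parts[0] !== 'object') return { kind: 'unknown' };
  if (parts[1] === 'public') return describeObject(url, 'public', parts.slice(2));
  // Form returned by the dashboard "Copy URL" action according to the thread.
  if (parts[1] === 'sign') return describeObject(url, 'signed', parts.slice(2));
  return { kind: 'other-object-endpoint' };
}

// True only for a token-free URL in the public form, i.e. one that is
// suitable for long-term storage in a database column.
function isStorablePublicUrl(raw) {
  const info = classifyStorageUrl(raw);
  return info.kind === 'public' && info.hasToken === false;
}

const samples = [
  'https://abcd1234.supabase.co/storage/v1/object/sign/avatars/me.png?token=SAMPLE',
  'https://abcd1234.supabase.co/storage/v1/public/avatars/me.png',
  'https://abcd1234.supabase.co/storage/v1/object/public/avatars/me.png',
];
for (const s of samples) {
  console.log(classifyStorageUrl(s).kind, isStorablePublicUrl(s));
}
```
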