Sep 25, 2025

Firebase Storage: A Simple Guide to CORS Configuration

Leave a comment
Cross-Origin Resource Sharing (CORS) is a critical part of web development, especially when working with cloud storage solutions like Firebase Storage. This post will walk you through a simple, yet powerful, CORS configuration to get your Firebase Storage bucket talking to your web app.

What's CORS and Why Does It Matter?

CORS is a security feature built into modern web browsers. It's a mechanism that allows a web page to request resources from a different domain than the one that served the web page. Imagine you have your website at `www.mywebsite.com` and you're trying to display an image stored in your Firebase Storage bucket at `my-project.appspot.com`. Without a proper CORS policy, your browser would block the request, seeing it as a potential security risk.

Configuring Your `cors.json`

To configure your CORS policy for a Firebase Storage bucket, you need to create a JSON file. 


[
  {
    "origin": ["*"],
    "method": ["GET", "HEAD", "PUT", "POST", "DELETE"],
    "responseHeader": [
      "Content-Type",
      "Access-Control-Allow-Origin"
    ],
    "maxAgeSeconds": 3600
  }
]

origin: This is the most crucial part. The `*` acts as a wildcard, allowing any domain to access your resources. While convenient for development and public assets, for production, it's best practice to replace `*` with your specific domain, e.g., `["https://www.yourdomain.com"]`, for enhanced security.

method: This specifies the HTTP methods (like `GET`, `POST`, `PUT`, `DELETE`) that are allowed. By including all of them, you're granting full control to your allowed origins. This is helpful if you need to perform actions beyond just fetching data, like uploading or deleting files.

responseHeader: These are the headers that the browser is allowed to access. Content-Type is a standard one, and Access-Control-Allow-Origin is the header that confirms the origin is allowed, which is essential for CORS to work correctly.

maxAgeSeconds: This tells the browser how long it can cache the CORS preflight response for. The value 3600 means one hour, which helps reduce the number of preflight requests for the same resource, making your application a bit faster.

Applying the Policy with gsutil

Once your cors.json file is ready, you need to apply it to your Firebase Storage bucket. You've already done this with the `gsutil` command in the Firebase Studio terminal:


studio-45:~/studio{main}$ gsutil cors set cors.json gs://studio-45-e8723.firebasestorage.app
Setting CORS on gs://studio-45-e8723.firebasestorage.app/...

  * gsutil cors set: This is the command to set a new CORS configuration.

  * cors.json: This is the path to your configuration file.

  * gs://studio-45-e8723.firebasestorage.app: This is the URI for your specific Firebase Storage bucket.

After running this command, your Firebase Storage bucket will now be configured with the CORS policy you defined. This means your web application, running on any origin, can now access the files in your bucket using the specified methods and headers\!


Sep 1, 2025

Connect Firebase Project & Workspace in Firebase Studio

Leave a comment

It’s a common setup mistake: you create a Firebase project, then a Firebase Studio workspace but they’re not connected. 

  • A Firebase project in the Firebase Console
  • A Firebase workspace in Firebase Studio


🛠️ The Fix: Link Your Workspace to the Firebase Project

1. Open the Firebase Studio Terminal

In Firebase Studio, navigate to your workspace and open the terminal window. This is where you’ll run CLI commands.

2. Run firebase init

firebase init

This command starts the setup wizard. You’ll be prompted to:

  • Grant access to Google Cloud resources

  • Select a Google Cloud project
    Choose the correct Firebase project from the list — this links your workspace to it.

  • Choose Firebase features
    Continue with terminal window. Pick the services you plan to use (e.g. Firestore, Functions, Hosting).

This step creates two key files in your workspace:

  • .firebaserc — maps your workspace to the selected Firebase project
  • firebase.json — configures Firebase services

3. Verify the Connection

Run:

firebase projects:list

Your selected project should appear with a * next to it, indicating it’s active.


studio-77:~/studio{main}$ firebase projects:list
✔ Preparing the list of your Firebase projects

┌──────────────────────┬──────────────────────────┬────────────────┬──────────────────────┐
│ Project Display Name │ Project ID               │ Project Number │ Resource Location ID │
├──────────────────────┼──────────────────────────┼────────────────┼──────────────────────┤
│ Asset                │ asset-90d38 (current)    │ XXXXXXXXXXXX   │ [Not specified]      │
├──────────────────────┼──────────────────────────┼────────────────┼──────────────────────┤

✅ Result

Your Firebase Studio workspace is now properly connected to your Firebase project. All CLI commands will target the correct environment, and you can deploy, emulate, or manage resources without errors.

🧠 Pro Tip

If you work across multiple Firebase projects, use:

firebase use --add

This lets you assign aliases and switch between them easily:

firebase use dev
firebase use prod

Firebase init output (Web app hosting option)

✔ Please select an option: Use an existing project
✔ Select a default Firebase project for this directory: asset-90d38 (asset)
i  Using project asset-90d38 (asset)

=== App Hosting Setup
i  This command links your local project to Firebase App Hosting. You will be able to deploy your web app with `firebase deploy` after setup.
✔ Please select an option Create a new backend
i  === Set up your backend
✔ Select a primary region to host your backend:
 us-central1
✔  Location set to us-central1.

✔ Provide a name for your backend [1-30 characters] asset-backend
✔  Name set to asset-backend

✔  Created a new Firebase web app named "asset-backend"
✔ Successfully created backend!
        projects/asset-90d38/locations/us-central1/backends/asset-backend

i  === Deploy local source setup
✔ Specify your app''s root directory relative to your firebase.json directory /
✔  Wrote configuration info to firebase.json
i  Writing default settings to apphosting.yaml...
✔ File /home/user/studio/apphosting.yaml already exists. Overwrite? Yes
✔  Wrote /home/user/studio/apphosting.yaml
✔  Firebase initialization complete!

✔  Wrote configuration info to firebase.json
✔  Wrote project information to .firebaserc

✔  Firebase initialization complete!

Sync Firebase Workspace & Project

studio-77:~/studio{main}$ firebase use --add
✔ Which project do you want to add? asset-90d38
✔ What alias do you want to use for this project? (e.g. staging) asset-dev

Created alias asset-dev for asset-90d38.
Now using alias asset-dev (asset-90d38)

studio-77:~/studio{main}$ firebase use asset-dev
Updating Studio Workspace active project to match Firebase CLI 'asset-90d38'
Now using alias asset-dev (asset-90d38)