I'm using a free plan of firebase storage. All working good but the image not loading on my flutter web.

I'm getting this error.

Access to XMLHttpRequest at 'https://firebasestorage.googleapis.com/v0/b/sap-app-8318e.appspot.com/o/cover%2Fimage_cropper_028D7F16-0161-4E90-B40D-EE47D310F322-5339-000003697F67306C.jpg?alt=media&token=313475a9-9728-4e61-97da-f5d5534bb008' from origin 'https://sap.nextcardpro.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
firebasestorage.googleapis.com/v0/b/sap-app-8318e.appspot.com/o/cover%2Fimage_cropper_028D7F16-0161-4E90-B40D-EE47D310F322-5339-000003697F67306C.jpg?alt=media&token=313475a9-9728-4e61-97da-f5d5534bb008:1

I searched on google everyone told need to allow CORS Access from firebase, but how can I have to add it. but how can I add it to my free firebase plan?

[
    {
      "origin": ["*"],
      "responseHeader": ["Content-Type"],
      "method": ["GET", "HEAD", "DELETE"],
      "maxAgeSeconds": 3600
    }
]

I had a similar problem and as always, it took me few hours to fix but the solution is as always simple and easy.

When you run this command flutter run -d chrome --web-renderer canvaskit --no-sound-null-safety app will run and everything works fine and pixel-perfect but sadly network images failed to load. When you inspect the app look into console you will see this beautiful error

(Blocked by CORS policy) : No ‘Access-Control: Allow-Origin’ header is present on the requested resource.

What is CORS?

CORS stands for (Cross-Origin-Resource-Sharing). CORS is a browser security feature that restricts Cross-origin HTTP requests that are initiated from scripts running in the browser.

Now how to fix CORS issue? And displaying images from any other domain or from Firebase Storage. The answer is very simple follow me with the steps below

1. Open the GCP console you will see the screen below

2. Now select your project and click on the dashboard Button.

3. Start a cloud terminal by clicking the >_ icon button in the top navbar as you can see in the below image

4. Click on the open editor button and (wait for few seconds)

5. Now click on 3 (...) dot and create new file and named it cors.json like you can see in the below image

6. Copy and paste the this code

   [ { "origin": ["*"], "method": ["GET"], "maxAgeSeconds": 3600 } ]

In the code you notice i set the origin * which means that every website can display your images. But you can also insert the domain of your website there to restrict the access.

7. Now run the command : gsutil cors set cors.json gs://your-bucket When you run gsutil cors set cors.json gs://your-bucket you will get beautiful error (‘gsutil ServiceException: 401 Anonymous caller does not have storage.objects.list access to bucket’) it’s mean you need to login first.

8. Run this command gcloud auth login and login into gcloud

9. Now again run this command gsutil cors set cors.json gs://your-bucket

if you want to read more about CORS: https://cloud.google.com/storage/docs/configuring-cors

If somebody has a problem with installing gsutil. It will not work with python 3.10 which is the most recent one. You have to install a previous one, which version number starts with 3.7

like this one: download python 3.7.9

I implemented this solution by issuing two of the commands from the linked solution:

echo '[{"origin": ["*"],"responseHeader": ["Content-Type"],"method": ["GET", "HEAD"],"maxAgeSeconds": 3600}]' > cors-config.json

This created the json configuration file. Next I needed to update the configuration for the specific bucket by issuing the second command and substituting the name of my storage bucket...

gsutil cors set cors-config.json gs://YOUR_BUCKET_NAME

Once I completed these two steps I was able to access and download files.