@TIMAI2 it seems I need to authorize with another rule the node "Textbox_scrivi_tag" under the node "cartella-eventi"???
How?
In my knowledge a role applied to a node, applies to all sub-nodes.... is it true?
Why do that? No-one other than the anonymous user who created can read anything under that node, so it is not needed.
From what you show from the firebase console your path is (assuming cartelli-eventi is the set projectBucket):
firebaseUrl/cartelli-eventi/uid/INFO_LIBRE.json&auth=...
with the PUTText of:
{"valore1":"yourValue"}
CLARIFICATION REQUEST
User 1: He creates an event in which some information is paid for
User 2: He pays to access the information from User 1's event
If with anonymous authentication, only the person who creates the data (User 1) has access to it, how can User 2 access the information created by User 1?
Are you telling me I can't protect the data for my app?
Sorry, but this is confusing because I thought ALL anonymously authenticated users could access data created by other users and placed in the buckets authorized by the rules...
How can I set "cartella-eventi" as projectBucket?
No... Path in console is
-URL
---cartella-eventi
--------ID for events 1
---------------INFO for events 1
--------ID for events 2
---------------INFO for events 2
....
Put text is
- INFO_LIBERE
------valore 1
------valore 2
------valore 3 - INFO_SEGRETE
------valore 4
------valore 5
I beg to differ (your image where you show a uid for an anonymous user):
If you want authenticated anonymous users to read other authenticated anonymous user data, then you would need to change your rules. I was quite clear about the rules i set in the guide.
We are veering off topic again, if you want help with how to use Firebase, I have provided links to the documentation, and there is always StackOverflow which is the default question asking platform for Firebase.
Ok @TIMAI2, I do not agree that I'm offtopic, but I respect you... so my last question 
where do you explain how do this?
I do not show such rules, specifically. You could look here for ideas:
or in the Firebase documentation or on StackOverflow
e.g.:
Thak you Tim!
Hi @TIMAI2
I've solved all the problems with RealTime Database and now I've switched to Storage.
I've been able to save, retrieve, and delete images in Storage.
Now I'd like to do the same thing by applying the rules in Storage with anonymous authentication.
I set the rule in Storage (and it works well because I tested it with Playground).
INTRODUCTION
I'm following your guide "PART III - Firebase Demo: Secured with Web Component"
QUESTION 1
To display images (described in the "Download a file" section of your guide), I'm using the "World readable" approach (will display image in image component), so I add in blocks "&token=".
Everything works! But my question is: when users of my app will create images, will also be created for each image. How can I retrieve the specific values for each image? (Now, for my tests, I had to copy and paste from the Firebase console from the Storage area... but how will my app do this automatically?)
QUESTION 2
"Upload a file" and "Delete a file" return a 403: permission denied error.
In my blocks, I called the idToken... the same one obtained during signin and used for RealTime DB.
What am I doing wrong?
Your app will need to capture the response content after a file upload, extract the url, and then store this in the realtime database in the correct place (along with the other associated data...)
I will need to do some testing to be able to answer your question here. The only thing, after first review, I see that is different is the use of firebasestorage.app after the bucket in your urls.
Ref: QUESTION 2
Not having any issues uploading or downloading/viewing files with secure rules in place, FOLLOWING MY GUIDE. I did not use the firebasestorage.app after the bucket.
You may have more success if you simply set your storage secure rules to {bucket} ?
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Hi @TIMAI2, I'm working in QUESTION 2 first.
In your guide you put
I have not an "appspot.com", but firebasestorage.app as you can read in Firebase FAQ
"Starting October 30, 2024, all new default Cloud Storage buckets have the name format PROJECT_ID.firebasestorage.app. Any default buckets created before that date have the name format PROJECT_ID.appspot.com."
The structure of my storage is
PROJECT_ID.firebasestorage.app/TEST/... pictures list...
How my rule should be?
In my blocks, what is the token I have to retrieve: idToken or refreshToken?
Working on this with a firebasestorage.app designated project, but it should look like:
rules_version = '2';
service firebase.storage {
match /b/myProject.firebasestorage.app/o {
match /FBDEMO/{allPaths=**} {
allow read: if request.auth != null
allow write: if request.auth != null;
}
}
}
.
.
idToken.
That said, you will need to build in the logic to handle:
The absence of a valid idToken, for which you require the refreshToken.
Now tested with a firebasestorage.app only project (new project that doesn't use appspot)
Used these rules:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
Uploading, downloading and viewing/displaying files works as expected. Example procedures below:
Hi @TIMAI2... I don't know what I can do...
My blocks to save image with rules are like yours
I tested with and without "file://" in file path...
I har made a copy-past of your rule
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
My idToken should be ok because is the same I use in the app with Realtime and it works...
Permission error is still there...
Show the error
This is error I show in a label
I'm testing many possibilities from the web...
I have tested to eliminate "_" from the file name in web1 url... nothing
I have tested to separate the rules write/read in 2 lines... nothing
Very strange!!
Do you have space after Bearer in you headers?
No, there is not a space.
You need a space:
Bearer sdjk;oijggnvn;igj;
instead of:
Bearersdjk;oijggnvn;igj;
As I said in past... YOU ARE A GENIOUS!!!!!!!
Now it works!!!!!!!
Thank you thank you thank you!!!!
Without your help I never would have solved this!