I'm using GCP cloud run to manage a nodeJS/express API, I did a redirecction from a custom domain to url from cloud run with firebase hosting, when I do a POST request to cloud run domain everything works ok, but when I do the same POST request to my custom domain through firebase hosting the request is redirected as GET. Is there any additional configuration to setup?
I expect to firebase doesnt change HTTP verb
Related
My setup is like
API lib built on top of API gateway endpoints => gateway authenticates requests against firebase users => Call Cloud function for an endpoints.
This seems to be working fine.
Only concern is security/authentication of cloud function.
How to achieve.
No one should be able to call cloud function directly
OR Cloud function should accept traffic only from API gateway.
Current settings are :
If i change allow internal traffic only then API gives a Not allowed error.
Partial ans is here:
I figured out that i was not setting correct jwt_audience thats where it was throwing "Your client does not have permission to the requested URL": 401.
because my function URL was not same as what i mentioned in OpenApi spec. I had postfix to my URL, hence my request were failing.
earlier :
options:
x-google-backend:
address: https://**-**-**-test.cloudfunctions.net/<funtion_name>/filter
Now:
options:
x-google-backend:
address: https://*-**-**-test.cloudfunctions.net/<funtion_name>/filter
jwt_audience: https://**-**-**-test.cloudfunctions.net/<funtion_name>
I tried to set setting "allow internal traffic only" but its failing with 403. Still i am not sure if i can set internal only traffic for cloud function along with API gateway.
After deploying a Next.js app on AWS Amplify and using a rewrite to an external server, when inspecting the request headers, the User Agent header is Amazon CloudFront instead of the user's user agent.
When deploying the same Next.js app on Vercel, the user agent reflects the actual user's user agent, which is the expected behaviour.
Does anyone know how to fix this issue on AWS Amplify?
I have a service API running behind Firebase Hosting Rewrite Rule that will benefit from CDN caching as its API response rarely changes, but it will need to be protected from the public. Currently, the server is doing auth check for every request coming in using Firebase Auth's verifyIdtoken to see if it should accept incoming request or not.
I was wondering if Firebase Hosting's global CDN supports any kinds of authentication, such that auth check can be done at CDN level. Something similar to GCP Endpoint Auth, or but tailored for Firebase.
As a mitigation for now, the server is setting cache related HTTP headers for requestors to cache the response, however, this is per-user cache, and every new user's request will continue to reach the server.
All files on Firebase Hosting are accessible by anyone who knows their URL, so should only be used for hosting public files. There is no security mechanism in place.
Firebase messaging error in http server, but works well in https server.
; FirebaseError: Messaging: The required permissions were not granted and blocked instead. (messaging/permission-blocked).
Do we need https server to send the notification from the server?
The Firebase Cloud Messaging SDK is supported only in pages served
over HTTPS. This is due to its use of service workers, which are
available only on HTTPS sites.
More Information here
Good luck!
I am transitioning a ReactJS app running on Heroku to be hosted as a static site on Firebase. I am planning to use Firebase Functions to handle logic and drive environment configurations.
A requirement is to support login via 3rd-party Auth0's hosted login page -- the client is redirected to a login page via:
// redirects to auth0's hosted login page
this.auth0.authorize(options);
Because the options argument fed to this method depends on environment-specific configuration it should reside within a Cloud Function (according to my other question that was answered).
There is documentation in Firebase for serving dynamic content from a cloud function but I don't know how to redirect the client from a cloud function.
Is there a way I can do this? Or a more pragmatic solution?