i'm trying to make a simple GET request to external URLs from my cloud function using node-fetch. When a user pastes a link, I'm making this request to retrieve social media sharing tags to populate title, description and image. Some websites seem to be responding with robot messages. Is there a way around this?
So far I've made sure the origin of the request is coming from my domain and not some strange cloud server. I've also tried defining a browser based user agent in the header without much luck.
Any ideas on other things I can check for?
Related
Firebase hosting has been excellent, up until now. It is very fast and very cheap. Alas, there is absolutely no access to any server-side activities such as you normally would with PHP.
I'm using Opayo 3D Secure to process payments. Part of this involves showing an OPayo webpage inside an iframe to capture bank card details. This then returns another URL from a bank that issues a question to the card's account holder. When complete, the bank sends a POST message to my website with two parameters that I then use to complete the transaction. I can see these parameters in Chrome's Devtools but I have no idea how to access them using Javascript.
Here are the returned values (cres and threeDSSessionData):
It is not possible to use fetch() or XMLHttpRequest() to get the response. The URLs provided must be presented using iframes.
Obviously, Firebase Hosting is passing the HTTP headers and body back to the website, as can be seen from the Devtools, but how do I get hold of them?
I am making a web app using firebase. I was looking into restricting access to certain pages unless there's a subscription. When I looked through the docs all I found was that I could do transactions with stripe and it only applied on signing in and up not restricting pages.
After searching on the internet, I didn't find a viable solution, but three ideas came up to me I could use (which are either with low working possibility or very lackluster to say the least. (all include using stripe.))
One: I would use a middleware to verify the token I get from stripe and then redirect from there. (but all that comes to my mind how I would identify the redirected page in the middleware. And even if that was probable how much time would that take to make it work(if that even is possible), I have no idea.)
Two: in hosting configurations I could call a function when a rewrite is performed. I thought I could call a make a function that verifies the token from the strip when a restricted page is called. (But then again not only is the function accessible after hosting and can be viewed, I don't know if I can call firebase configurations and functions inside the firebase.json.)
third: this is the most viable but has very bad downsides, is authenticating the strip token from in a regular javascript, and if it fails it would restrict the access to the page. Do the same in the rules so that the database section related to that page. (the downside is that the HTML, CSS, and javascript would all be accessible. Only the database functions relating to them are restricted.
So with all that being said, I couldn't find any viable option I could use. So I was wondering if anyone in here have met the same problem and got a solution or do you have any advice I could use.
Note: I am using firebase's realtime database by the way.
If you are trying to restrict access to your webpages/app, you should come up with a logic in your backend or frontend (depending on your app structure) where you could store values needed in Firestore or another solution.
In case you would like to restrict access to Firestore, you can achieve that with Rules.
I'm working on some app which should use Google Maps JS API (browser version).
And there exists one problem I've got very concerned about.
API keys have restriction to be used only from your domain, however, any request from your domain (for example, from code inspector) is considered a valid request. So, anyone can make a simple script and kick my quota out easily.
So, here is my question:
Is there any option or command to run to block such activity ? Like the script will load just one instance and then will not accept creation of a new one or something like that.
P.S. I know about free quota for mobile versions of API, but I need the browser to work too. Obviously, I don't load this in any public area, but anyone can pretend to be a client and even order some service for couple bucks, but then run the script to make an impact for thousands ((
Sorry, I'm just getting started with Cloud Functions so excuse me if this doesn't make sense.
I noticed when watching the 'Node.js apps on Firebase Hosting' video that each load was only returning the document in question. However I set up my cloud function and noticed that it is also loading some other resources like a favicon?
My cloud function is making a call to an external api and then returning it to the user. All I need is the json body from the response. Do I need these other resources?
A browser is always going to request favicon.ico. That's how it determines what icon to show for the site in the title. It's harmless. There might be some way to disable that for whatever browser you're using, but I don't think it's worthwhile to worry about it.
I want to respond to Firebase events to generate (keep updated) to generate HTML pages and put them to Firebase Hosting so that they can be immediately available for use. I have it working except for the part about uploading the resulting HTML to Firebase hosting. It seems like I cannot do it this way but I want to so that all the pages are pre-rendered and ready to load fast.
I have cloud functions connected to hosting but that is the same old way of fetching from the database during a request cycle which I wanted to avoid.
On this page it says "Prerender your single-page apps to improve SEO." and thats what I want. Is it possible? How to store the pre-rendered pages from a HTTP function?
The "Prerender your single-page apps to improve SEO." talked about on that page is prerender in the cloud before serving the content to the requesting party. It is not generate static files when data updates before a request is even made.Generally the prerendering with appropriate caching headers is enough for most use-cases.
If you really want to pregenerate all the pages whenever data changes, you could do that but that'll be more complicated. There are some good articles and guides about deploying to Firebase Hosting after continuous integration finishes. The general idea holds true for what it sounds like you want except what triggers the build/deploy is data driven rather than code change.
The way to pre-render HTML so that metadata such as JSON-LD is available to search engines and opengraph is available to social media platforms for rich cards in shared links is to use Cloud Functions. You basically run Express/Pug (previously Jade) in your cloud function(s) to respond with HTML after whatever database/datastore lookups have completed. I've implemented this and it works great.
Call functions via HTTP requests provides some direction. You basically add some forwarding info to customize your hosting. This will direct HTTP calls over to your Express server running in Cloud Functions. Check the firebase functions github repo for sample code.