Firebase messaging error in http server, but works well in https server.
; FirebaseError: Messaging: The required permissions were not granted and blocked instead. (messaging/permission-blocked).
Do we need https server to send the notification from the server?
The Firebase Cloud Messaging SDK is supported only in pages served
over HTTPS. This is due to its use of service workers, which are
available only on HTTPS sites.
More Information here
Good luck!
Related
I'm using GCP cloud run to manage a nodeJS/express API, I did a redirecction from a custom domain to url from cloud run with firebase hosting, when I do a POST request to cloud run domain everything works ok, but when I do the same POST request to my custom domain through firebase hosting the request is redirected as GET. Is there any additional configuration to setup?
I expect to firebase doesnt change HTTP verb
I am currently setting up the Google Auth provider within my firebase application. I have enabled the Google Auth provider, as well as the authorized domains within the authentication tab.
Even after updating my authorized domains, etc. I am still receiving the following error:
iframe.js:299 Info: The current domain is not authorized for OAuth operations. This will prevent signInWithPopup, signInWithRedirect, linkWithPopup and linkWithRedirect from working. Add your domain (ys-provider-map.firebaseapp.com) to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab.
Is there something I may have missed, etc. Any and all feedback is much appreciated
Similar issue was reported in this github thread.
The reason for this error may be because you didn't have the firebase app domain itself (*.firebaseapp.com) included in the Accept requests from these HTTP referrers (web sites) list in the Google API credentials for the app key (https://console.developers.google.com/apis/credentials/key).
This must be a fairly recent requirement as accepting requests from the actual site domain was enough beforehand.
Hope above information helps.
I am making a mobile app with my custom API on AWS, firebase auth and firestore. I want to make secured connection:
- prevent MITM attack between client and AWS, and between client and firebase store
- prevent anybody to make request (and accept request only from mobile app)
Firestore
|(<- should be secure)
User - Firebase Auth
|(<- should be secure)
AWS EC2
Should I use JWT? Does anybody know how to use it on firebase auth?
I have used JWTs previously to allow a user’s login state persist on different sub domains on the same root domain (as Firebase does not do this natively). Check out this article:
https://dev.to/johncarroll/how-to-share-firebase-authentication-across-subdomains-1ka8
It may help with auth and JWT! It will allow you to authenticate in both backend and frontend.
I have a service API running behind Firebase Hosting Rewrite Rule that will benefit from CDN caching as its API response rarely changes, but it will need to be protected from the public. Currently, the server is doing auth check for every request coming in using Firebase Auth's verifyIdtoken to see if it should accept incoming request or not.
I was wondering if Firebase Hosting's global CDN supports any kinds of authentication, such that auth check can be done at CDN level. Something similar to GCP Endpoint Auth, or but tailored for Firebase.
As a mitigation for now, the server is setting cache related HTTP headers for requestors to cache the response, however, this is per-user cache, and every new user's request will continue to reach the server.
All files on Firebase Hosting are accessible by anyone who knows their URL, so should only be used for hosting public files. There is no security mechanism in place.
So here's situation,
The firebase auth is very good.
But in some area for some reason the host of https://www.googleapis.com are not accessible from app side.
So I was think about a way to proxy the request to https://www.googleapis.com in may iOS app to My Server, and My Server will transfer the auth request to https://www.googleapis.com on server sider.
Question
Is there a way to config the host in firebase API ? Or is this a good way to do it?