How to use Firebase behind Firewall / Proxy? - firebase

We are running a simple application that connects to Firebase are reads some data. It fails to connect with the following timeout error:
#firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential",
"message":"Credential implementation provided to initializeApp()
via the \"credential\" property failed to fetch a valid Google OAuth2 access token
with the following error: \"Failed to parse access token response: Error: Error
while making request: connect ETIMEDOUT
We are behind Firewall / Proxy and it appears that is blocking traffic to/from Firebase and hence failed connection. My question is what ports need to be opened and to what destination URLs to make this application work normally?
Any help will be much appreciated!

Finally, after struggling with the issue for several days got it working. Needed to contact network team and request to perform following actions:
Open ports 5228, 5229, 5230 for Firebase communication.
Opened communication at proxy level between the source server and following URLs:
fcm.googleapis.com
gcm-http.googleapis.com
accounts.google.com
{project-name}.firebaseio.com
Added following code in my node.js application:
var globalTunnel = require('global-tunnel-ng');
globalTunnel.initialize({
host: '<proxy-url>',
port: <proxy-port>,
//proxyAuth: 'userId:password', // optional authentication
sockets: 50 // optional pool size for each http and https
});
Installed module global-tunnel-ng:
npm install global-tunnel-ng
It solved the my problem and I hope it can help others too. :-)

I used Wireshark to monitor a local install of a Node.js application using the Admin SDK for firestore. I also referenced this list by Netify. This is what I found:
*.firebaseio.com
*.google.com
*.google-analytics.com
*.googleapis.com
*.firebase.com
*.firebaseapp.com

Related

Setup mTLS to a service in ABAP

I'm trying to setup the mTLS authentication process for an endpoint created in the SICF transaction on ABAP-based software. I'm not using SAP HANA.
I've already imported the certificates into the STRUST transaction (SSL server Standard),
Inside the service on SICF, I've put the following settings in Logon Data tab:
But when I receive the HTTP request, the connection is returning the 401 status code.
Is that the right way to achieve this goal? If not, is there any documentation, where I can find a step by step on how to configure this type of authetication?

Progressive Web App: The FetchEvent for "<URL>" resulted in a network error response: the promise was rejected

I am seeing the following errors in the console of my PWA:
The FetchEvent for "https://static.cloudflareinsights.com/beacon.min.js" resulted in a network error response: the promise was rejected.
The FetchEvent for "https://www.google-analytics.com/analytics.js" resulted in a network error response: the promise was rejected.
It seems that external scripts have problems being fetched by workbox? The website is a next.js app and i am using next-pwa to turn it into a PWA. Here is the pwa-config for next-pwa: next-pwa config
Does anyone know how to fix this?
This is fairly common if you have a ad/tracking blocker extension installed, or if your browser has built-in blocking. A Workbox-powered service worker will not do anything to work around this blocking.

Why I cannot access Firebase Storage

I'm using Firebase Storage to keep some files of my App. Suddenly I started to get an SSL errors on both iOS and Android platform and no idea what's the issue.
iOS :
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://firebasestorage.googleapis.com:443/v0/b/XXXXX.appspot.com/o?delimiter=/, NSUnderlyingError=0x600002e81440 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStr
FLTFirebaseStorage: An unknown error occurred while calling method Reference#listAll
Android :
V/NativeCrypto(16839): SSL handshake aborted: ssl=0xbd081f68: Failure in SSL library, usually a protocol error
V/NativeCrypto(16839): error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER (third_party/openssl/boringssl/src/ssl/tls_record.cc:242 0x9b4e9d4c:0x00000000)
W/NetworkRequest(16839): error sending network request GET https://firebasestorage.googleapis.com/v0/b/XXXXXX.appspot.com/o
According to our investigations, USOM (National Cyber Incident Response Center) seems to block firebase cloud storage services. The issue is interestingly seemed to be related more with Turkish Government rather than Firebase. This explains why VPNs still work for accessing your files. ISP is blocked by the government in order not to reach storage services of google. I think someone (may be a responsible team in Google) need to reach them and illuminate that their action is weird and they should not block whole storage service for preventing an access to a file which they think is illegal..
Here you can check the block list:
https://www.usom.gov.tr/url-list.txt
you can search firebasestorage.googleapis.com, it is there.

Apache Camel TCP client communicate to a server

I am new to apache camel. What I am trying to do is I have exposed and Rest api to get data.
From that I need to communicate to an existing TCP server(Simple java server application) to retrieve data and send back to a client. What I have picked is Apache camel to do this integration.
rest()
.consumes("application/json").produces("application/json")
.get("/weather2/{city}").outType(WeatherDto.class).to("direct:get-weather-data")
from("direct:get-weather-data")
.process(this::setTCPMsg)
.to("netty://tcp://127.0.0.1:9898")
Above is the way I have defined the routes but when I try to run the appication I get below eror
org.apache.camel.FailedToCreateRouteException: Failed to create route route5 at: >>> To[netty://tcp://127.0.0.1:9898] <<< in route: Route(route5)[From[direct:get-weather-data] -> [process[Proc... because of No endpoint could be found for: netty://tcp://127.0.0.1:9898, please check your classpath contains the needed Camel component jar.
Please advice How to solve this issue.

HWIOAuthBundle Google login device_id and device_name for a webapp

I am working on a Symfony2 app. I'm using FOSUserBundle to handle authentication and recently integrated it with FOSUserBundle using this tutorial: https://gist.github.com/danvbe/4476697 .
The problem is:
I can login using the google api on localhost and everything works fine.
However when I try to login on a real server I get:
Error: invalid_request
device_id and device_name are required for private IP: http://<server_ip>/login/check-google
Request details:
response_type=code
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
redirect_uri=http://<server_ip>/login/check-google
client_id=<my_id>
Google documents don't mention these two parameters. I tried to manually send a request with device_id being a UUID and device_name set to "notes". The response I get this time is:
Error: invalid_request
Device info can be set only for native apps.
Request details:
cookie_policy_enforce=false
response_type=code
device_name=notes
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
redirect_uri=http://<server_ip>/login/check-google
device_id=4b3403665fea6
client_id=<my_id>
Now, what am I doing wrong?
Google will not accept a local (private) IP address when doing Oauth or API calls. My workaround was to add an entry in my Windows hosts file for the local IP:
\Windows\System32\drivers\etc
192.168.1.2 fakedomain.com
then register it with Google in their dev console. That appears as a "real" domain to them, but will still resolve in your browser or code to the local IP. I'm sure a similar approach on Mac or Linux would also work.
It really looks like your using the wrong flavor of oauth. device_id is used with Devices. I would really expect you to be using the WebServer flow. You may need one of the other flows as I don't see enough detail here to judge, but they all can be found at the links.

Resources