Using Google Firebase in my ios swift app, I found the infamous message in my console output:
App Transport Security has blocked a cleartext HTTP (http://) resource
load since it is insecure. Temporary exceptions can be configured via
your app's Info.plist file.
Using the method here, I was able to find that this is triggered by a request to load http://www.google-analytics.com/ga.js, which is presumably from Firebase Analytics.
Do I need to add an exception for this?
I'm using the firebase/analytics module (firebase 7.1.0) inside a react app using firebase hosting and I was getting an error trying to load the googletagmanager (which I am NOT doing explicitly, it is coming from the module).
Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=someGTM-id'. This request has been blocked; the content must be served over HTTPS.
I am not importing google analytics from inside the index.html file, rather I am loading firebase/analytics from a javascript file with basically:
import firebase from 'firebase/app';
import 'firebase/analytics';
const firebaseConfig = {
apiKey: "api-key",
authDomain: "project-id.firebaseapp.com",
databaseUrl: "https://project-id.firebaseio.com",
projectId: "project-id",
storageBucket: "project-id.appspot.com",
messagingSenderId: "sender-id",
appId: "app-id",
measurementId: "G-measurement-id",
};
firebase.initializeApp(firebaseConfig);
firebase.analytics();
I found: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content
and https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
And fixed it by placing the following line inside my index.html file:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
http://www.google-analytics.com/ga.js is not used by Firebase. Perhaps one of the other SDKs you are using accesses this script.
You do if you wish to use Firebase Analytics. Alternatively, you can disable analytics in the Firebase plist file.
Related
I just started implementing push notifications in Expo - following the guides on expo.io. Hence, I created an Android app in my Firebase console and my app.json contains now a reference to the Google service file:
"android": {
"package": "------------",
"googleServicesFile": "./google-services.json",
"useNextNotificationsApi": true,
}
If I test this on a real android device (standalone app) I do not receive a valid token via this function:
token = (await Notifications.getExpoPushTokenAsync()).data;
Instead I get the following error:
Error: Encountered an exception while calling native method: Exception
occured while executing exported method getDevicePushTokenAsync on
module ExpoPushTokenManager: Please set your project ID. A valid
Firebase project ID is required to communicate with Firebase server
APIs: It identifies your project with Google."
I guess it has something to do with the way of my project setup. I also followed the Expo guides to setup firebase (e.g. for phone authentication) and hence created a web app in the Firebase console. In my application I initialize the Firebase web app with my web app configuration like this:
const FIREBASE_CONFIG: IFirebaseOptions = {
apiKey: '--------',
authDomain: --------.firebaseapp.com',
databaseURL: 'https://--------.firebaseio.com',
projectId: '--------',
storageBucket: '--------.appspot.com',
messagingSenderId: '--------',
appId: '--------',
measurementId: '',
trackingId: '',
};
firebase.initializeApp(FIREBASE_CONFIG);
The FIREBASE_CONFIG (for my Firebase Web App) as well as the google-services.json (for my Firebase Android App) have the correct project ID. Do I need to initialize the Firebase Android App somehow?
I am using Expo SDK 40.0.1.
What helped me: I deleted the old Firebase Android App, created a new one, downloaded the google-services.json file and built a new version of my app: It worked.
I cannot come up with an explanation why the first Firebase Android App was faulty because I did not make anything different than I did now.
Hopefully that will help some of you as well.
Hey I got this same issue with my react native project. Actually it was working fine but one day this error popped up so I checked the last working version of my files.
The actual issue was with the version of my google services in the gradle file.
Instead on 3.0.0, I have changed it to "classpath 'com.google.gms:google-services:4.3.8'".
I would like to get data from Firebase. I found some tutorials, but all is using Google Credential ServiceAccount to initialize firebase app. this's is tutorial that i found :
https://medium.com/techwasti/spring-boot-firebase-crud-b0afab27b26e , and else tutorial i found, almost like that too, is using ServiceAccount.
But the problem is i cannot get the ServiceAccount from this firebase because it's from third party. that's mean the owner of firebase don't want to give ServiceAccount.json to me, but they give me firebase config to me, like this :
const firebaseConfig = {
apiKey: "apkey",
authDomain: authdomain",
databaseURL: "databaseurl",
projectId: "projectid",
storageBucket: "storragebucket",
messagingSenderId: "messagesenderid",
appId: "appid",
measurementId: "measurementid"
};
So, how can i initialize this firebase using kotlin in my java springboot aplication?
i had try to find the solution, but not found anything,
I would be glad for any help.
If you want to initialize the Firebase Admin SDK, you will need a service account. There are no alternatives for this.
The config for the front end web app that you're showing here will not work at all. That config is only used for frontend apps that are acting as clients on behalf of the end user.
The documentation for creating cloud function testing directs the user to configure the test suite.
Here's the code block it directs the user to create:
// At the top of test/index.test.js
const test = require('firebase-functions-test')({
databaseURL: 'https://my-project.firebaseio.com',
storageBucket: 'my-project.appspot.com',
projectId: 'my-project',
}, 'path/to/serviceAccountKey.json');
We wish to use online mode, but we wish to test against the local firebase emulator instead of a cloud instance. We attempted to initialize the test by omitting the key file and redirecting the database url as below:
require('firebase-functions-test')({
databaseURL: 'localhost:9000',
storageBucket: 'my-project.appspot.com',
projectId: 'my-project',
});
Unfortunately this does not work. The program will just throw the exception:
#firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential","message":"Credential implementation provided to initializeApp() via the "credential" property failed to fetch a valid Google OAuth2 access token with the following error: "Error fetching access token: Error while making request: getaddrinfo ENOTFOUND metadata.google.internal. Error code: ENOTFOUND"."}
How is a user supposed to hookup to an emulator rather than a cloud instance?
Use Case
I am using Firebase JS SDK to access Cloud Firestore from Browser, so that I can push UI Logs and Errors into Firestore.
Issue
It was all working fine until I, accidentally, deleted most of the Service Accounts in my Google Cloud Platform inside APIs & Services → Credentials.
Below is the sample Config that we use for a Firebase Web App:
<script src="https://www.gstatic.com/firebasejs/7.13.1/firebase-app.js"></script>
<script>
// Your web app's Firebase configuration
var firebaseConfig = {
apiKey: "AIzaSyCztfcT6k6yXXXXXXXXXXXXXXXXXX",
authDomain: "<some-domain>.firebaseapp.com",
databaseURL: "https://<some-domain>.firebaseio.com",
projectId: "<some-domain>",
storageBucket: "<some-domain>.appspot.com",
messagingSenderId: "877458876543",
appId: "1:877458876543:web:9a9287dee234cd655ab7f2"
};
// Initialize Firebase
firebase.initializeApp(firebaseConfig);
</script>
I even tried reading Firebase Service Accounts Overview, but could not decide which Service Account to use for Firestore. Then, I tried adding different Service Accounts according to my Project ID and giving them Owner permissions to my Project, but it didn't work.
Full Error I am getting in Browser's Console:
Uncaught (in promise) FirebaseError: Missing or insufficient permissions.
at new Hr (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:48219)
at https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:378673
at wr.<anonymous> (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:377569)
at Wt (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:15221)
at wr.S.dispatchEvent (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:16063)
at Er.ua (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:45322)
at nr.S.Fa (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:43229)
at Ge (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:21453)
at qe (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:20854)
at Me.S.Ja (https://www.gstatic.com/firebasejs/7.8.2/firebase-firestore.js:1:23264)
Actually, I want to cleanup my Service Accounts as there were many created by myself. Please guide in telling which Service Account to use and what suitable Permissions to give.
Firestore Security Rules depend on a service account named service-PROJECT_NUMBER#firebase-rules.iam.gserviceaccount.com with the role
roles/firebaserules.system. You can use gcloud to restore this account:
gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:service-PROJECT_NUMBER#firebase-rules.iam.gserviceaccount.com --role=roles/firebaserules.system
To get the project number, see Identifying projects.
Taking my first steps with Firebase. Just a few pointers to documents explaining what is going on will help.
I have set up a new firebase web project and connected my dev environment with the firebase sdk. Now when I drop the email-password quickstart into the project it works. (after enabling email/password sign in.)
But wait: This quickstart html file does not contain any configuration that the firebase console tells me to paste:
var config = {
apiKey: "xxx",
authDomain: "xxx.xxx.com",
databaseURL: "https://xxx.xxx.com",
projectId: "xxxx",
storageBucket: "xxx.xxx.com",
messagingSenderId: "xxx"
};
Does the local firebase server add the configuration in the background? When and where do I have to add this configuration to web pages?
If you check line 35 of that quickstart, you'll find this magic include:
<script src="/__/firebase/init.js"></script>
This is an auto-generated file by Firebase Hosting, that contains precisely the code that initializes the connection to the Firebase backend services of your project.
If you'd like to learn more about it, read:
Easier configuration for Firebase on the web
SDK imports and automatic initialization
SDK auto-configuration