SOLVED - See my answer below.
Callable function is causing CORS error like this:
Access to fetch at 'https://us-central1-careerhub-a50a2.cloudfunctions.net/createUser' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Function code:
exports.createUser = functions.https.onCall((data, context) => {
const email = data.email
const password = data.password
admin.auth().createUser({
email: email,
emailVerified: false,
password: password
}).then((res) => {
return {
response: res
}
}).catch((err) => {
return {err}
})
})
Client-side:
const handleAddUser = () => {
let pswd = passwordGen(7)
const createUser = firebase.functions().httpsCallable('createUser');
createUser({email: email, password: pswd}).then(function(result) {
let res = result.data
console.log(res)
}).catch(function(error) {
console.log(error.code)
})
}
package.json
{
"name": "careerhub-web",
"version": "0.1.0",
"private": true,
"dependencies": {
"@testing-library/jest-dom": "^4.2.4",
"@testing-library/react": "^9.3.2",
"@testing-library/user-event": "^7.1.2",
"antd": "^4.0.2",
"firebase": "^7.10.0",
"node-sass": "^4.13.1",
"react": "^16.13.0",
"react-dom": "^16.13.0",
"react-email-editor": "^1.0.0",
"react-reveal": "^1.2.2",
"react-router-dom": "^5.1.2",
"react-scripts": "3.4.0",
"recharts": "^2.0.0-beta.2"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject"
},
"eslintConfig": {
"extends": "react-app"
},
"browserslist": {
"production": [
">0.2%",
"not dead",
"not op_mini all"
],
"development": [
"last 1 chrome version",
"last 1 firefox version",
"last 1 safari version"
]
}
}
This error persists even if I'm offline.
Things I've tried:
const cors = require('cors')({origin: true});
to functionset the request's mode to 'no-cors' to fetch the resource with CORS disabled. It states that there's a missing Access-Control-Allow-Origin header on the resource you requested. If you think about it, your client doesn't have anything to do with CORS.
One of the work around is to add a “proxy” property to your package. json file and assign your service base url to it. Thus, any request made on your react app will be proxied to http://localhost:8080/api/* or https:my-service.com/api/*, as against your React client origin via http://localhost:3000/api/*.
The error turned out to be a poorly documented change on Google's end around IAM permissions, which are not clearly accessible via the Firebase console.
The Cause:
Cloud functions were forbidding access to the function. Newly created functions did not have a Cloud Functions Invoker. This change was implemented on Jan 15, 2020
Solution:
Create Cloud Functions Invoker and set to allUsers. https://cloud.google.com/functions/docs/securing/managing-access-iam
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With