Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebase cloud function "Your client does not have permission to get URL /200 from this server"

Tags:

firebase

google-cloud-functions

Cloud function should have a role with member called "All users" to invoke this function from anywhere/anyone irrespective of an authorization.

Without Authorization:

  1. Go to the cloud function tab
  2. Select your cloud function (check box)
  3. Click "Add members" under Permissions tab in the right side
  4. Enter "allUsers" under "New memebers"
  5. Select Role as "Cloud Functions -> Cloud Functions Invoker"
  6. Save
  7. Test your cloud function by just pasting it in the browser

With Authorization:

It's always a good practice to set authorization on your cloud functions

Note: Cloud functions throwing error with "403 Forbidden - Your client does not have permission to get URL" should be called by authorized users.

Simple test:

  1. Click on Cloud shell(icon) terminal in the top

  2. type - gcloud auth print-identity-token

  3. copy the generated token

  4. forming Authorization key to be passed while calling cloud function 4.1 Authorization: bearer generated_token

  5. Use above Authorization key while calling your cloud function

Note:

  1. Never make a cloud function available to allUsers

From Cloud Function docs:

Caution: New HTTP and HTTP callable functions deployed with any Firebase CLI lower than version 7.7.0 are private by default and throw HTTP 403 errors when invoked. Either explicitly make these functions public, or update your Firebase CLI before you deploy any new functions.

In my case the CLI version was out of date. If you currently get the 403 error, try this:

  1. Delete your Cloud Functions
  2. Update Firebase CLI npm install -g firebase-tools
  3. Re-deploy your functions

If you face this in 2020 it might also be due to a different access behaviour:

Note: As of January 15, 2020, HTTP functions require authentication by default. You can specify whether a function allows unauthenticated invocation at or after deployment.

https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation


Changing the IAM role(Cloud Functions Invoker) for targeted cloud function to allUsers should solve this issue. https://console.cloud.google.com/functions

Related questions

Function DocumentReference.set() called with invalid data. Unsupported field value: a custom Budget object
How do I prevent un-authorized access to my Firebase Realtime Database?
Restricting child/field access with security rules
Google Firebase Error(Function returned undefined, expected Promise or value)
Calling a Cloud Function from another Cloud Function
Use firebase cloud function to send POST request to non-google server
How to upload a mapping file to Firebase Crashlytics?
Add Extra Details on Firebase User Table
Can firebase be used as a database in China now
Get code from firebase console which I deployed earlier
Firebase: Cannot upload production APNs certificate
How to change the app name for firebase authentication (what the user sees)
Cloud Functions for Firebase killed due to memory limit exceeded
What happens to Firebase anonymous users?
How can I login with multiple social services with Firebase?
How to create/update multiple documents at once in Firestore
In what period does the firebase's app token changes and how to manage it?
Firebase Cloud Firestore : Invalid collection reference. Collection references must have an odd number of segments
Google App Engine vs Firebase
How to change language default in Firebase console web? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!