42

I just made a firebase cloud function :

exports.deleteAfterSevenDays = functions.https.onRequest((req, res) => {...

I deployed the function and got a function URL. When I request this url from my browser I get the following message :

"Error: Forbidden Your client does not have permission to get URL /200 from this server."

I have just updated to firebase Blaze plan because I thought there were limitations with Spark plan, but it still doesn't work.

In my firebase cloud function logs it is written "Function execution took 572 ms, finished with status code: 302".

My cron job "has been disabled automatically because of too many failed executions".

Do you see what's wrong?

AdrianHHH
  • 12,664
  • 16
  • 48
  • 79
Alex9494
  • 828
  • 1
  • 9
  • 19
  • Hi @Alex9494 did you manage to solve this one? Cheers. – Ivan Apr 30 '18 at 22:53
  • Hi Ivan not yet but I do intend to solve it "soon"... The first who gets the answer gives it to the other one ! ;) – Alex9494 May 03 '18 at 15:09
  • Seems I found the cause of my problem. It was simply a crash in the function I was invoking. Once I fixed it, request started to return 200. – Ivan May 03 '18 at 22:35
  • It was an issue in my firebase cloud function code as well. Terminate HTTP functions with res.redirect(), res.send(), or res.end() https://firebase.google.com/docs/functions/terminate-functions – Alex9494 Jul 10 '18 at 10:55

6 Answers6

64

Cloud function should have a role with member called "All users" to invoke this function from anywhere/anyone irrespective of an authorization.

Without Authorization:

  1. Go to the cloud function tab
  2. Select your cloud function (check box)
  3. Click "Add members" under Permissions tab in the right side
  4. Enter "allUsers" under "New memebers"
  5. Select Role as "Cloud Functions -> Cloud Functions Invoker"
  6. Save
  7. Test your cloud function by just pasting it in the browser

With Authorization:

It's always a good practice to set authorization on your cloud functions

Note: Cloud functions throwing error with "403 Forbidden - Your client does not have permission to get URL" should be called by authorized users.

Simple test:

  1. Click on Cloud shell(icon) terminal in the top

  2. type - gcloud auth print-identity-token

  3. copy the generated token

  4. forming Authorization key to be passed while calling cloud function 4.1 Authorization: bearer generated_token

  5. Use above Authorization key while calling your cloud function

Note:

  1. Never make a cloud function available to allUsers
suresh
  • 711
  • 4
  • 6
  • I tried with the Authorization, but the token seems to be expiring. I could not use the same token from yesterday :( – softdev Apr 22 '20 at 05:45
  • This token is the idToken - it is valid only 3600 seconds, after that you should update it. Documentation https://firebase.google.com/docs/auth/admin/manage-sessions – awaik Apr 25 '20 at 05:37
  • Note that this is the Google Cloud interface to the Functions, not the Firebase interface -- go to : https://console.cloud.google.com/functions – kris May 26 '20 at 13:48
27

From Cloud Function docs:

Caution: New HTTP and HTTP callable functions deployed with any Firebase CLI lower than version 7.7.0 are private by default and throw HTTP 403 errors when invoked. Either explicitly make these functions public, or update your Firebase CLI before you deploy any new functions.

In my case the CLI version was out of date. If you currently get the 403 error, try this:

  1. Delete your Cloud Functions
  2. Update Firebase CLI npm install -g firebase-tools
  3. Re-deploy your functions
basharovV
  • 269
  • 3
  • 4
  • That solved my problem. I installed the lastest firebase-tools, deleted my function on the FIrebase console and redeployed it. Et voilá. THANK YOU! – Marcelo Apr 26 '20 at 18:38
  • Besides updating cli, I had to enable unauthenticated function invocation as given here https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation – rahulserver May 11 '20 at 08:18
8

If you face this in 2020 it might also be due to a different access behaviour:

Note: As of January 15, 2020, HTTP functions require authentication by default. You can specify whether a function allows unauthenticated invocation at or after deployment.

https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation

Diolor
  • 12,142
  • 23
  • 103
  • 165
7

Changing the IAM role(Cloud Functions Invoker) for targeted cloud function to allUsers should solve this issue. https://console.cloud.google.com/functions

Manish YADAV
  • 87
  • 1
  • 2
  • 1
    I am having the same issue - can you please clarify what you mean by 'for targeted cloud function to allUsers'? – user2181948 Sep 19 '19 at 03:29
  • This looks to be a security risk? Can you please verify whether changing to allUsers does not have any security risks? – Nikhil Apr 05 '20 at 17:10
  • @Nikhil Not, always that you are dealing with public https functions and maybe custom handling auth inside them. – Karlo A. López Oct 29 '20 at 22:21
0

I know this doesn't make sense, or not a real solution but I solved it by making my account an Owner of the Firebase project. It was working nice while I was Editor but stopped working suddenly and setting my account as Owner solved it for now.

I guess it has to do with certain account having proper access to the Service Account which is the actual interface with Firebase Functions and Google Cloud API.

Rami Alloush
  • 1,186
  • 2
  • 11
  • 21
  • I am also facing the same issue. I deployed a new cloud function to the firebase project today and I am not able to execute it. Giving exactly the same error. Existing functions present in the firebase project are working fine. So it looks like the issue is for recently newly deployed functions. – Nikhil Apr 05 '20 at 17:09
  • same problem here. can you guys find any solution? – Dulaj Madusanka Apr 23 '20 at 05:10
0

In my case, I made error in Postman when I typed Body of Request, I didn't switched format from Text to JSON.

Check that part.

Milan Stojadinovic
  • 31
  • 7