Firebase Cloud 函数“您的客户端没有从此服务器获取 URL/200的权限”

我刚做了一个火库云功能:

exports.deleteAfterSevenDays = functions.https.onRequest((req, res) => {...

我部署了这个函数,得到了一个函数 URL。当我从浏览器中请求这个网址时,我会得到以下消息:

”错误: 禁止您的客户端没有获取 URL/200的权限 从这个服务器

我刚刚更新到火焰基地计划,因为我认为有限制与火花计划,但它仍然不工作。

在我的 Firebase 云功能日志中写道: “功能执行花费了572毫秒,完成状态代码: 302”。

我的 cron 作业“由于太多执行失败而被自动禁用”。

你知道出什么事了吗?

70438 次浏览
小开

Changing the IAM role(Cloud Functions Invoker) for targeted cloud function to allUsers should solve this issue. https://console.cloud.google.com/functions

小开

Cloud function should have a role with member called "All users" to invoke this function from anywhere/anyone irrespective of an authorization.

Without Authorization:

  1. Go to the cloud function tab
  2. Select your cloud function (check box)
  3. Click "Add members" under Permissions tab in the right side
  4. Enter "allUsers" under "New memebers"
  5. Select Role as "Cloud Functions -> Cloud Functions Invoker"
  6. Save
  7. Test your cloud function by just pasting it in the browser

With Authorization:

It's always a good practice to set authorization on your cloud functions

Note: Cloud functions throwing error with "403 Forbidden - Your client does not have permission to get URL" should be called by authorized users.

Simple test:

  1. Click on Cloud shell(icon) terminal in the top

  2. type - gcloud auth print-identity-token

  3. copy the generated token

  4. forming Authorization key to be passed while calling cloud function 4.1 Authorization: bearer generated_token

  5. Use above Authorization key while calling your cloud function

Note:

  1. Never make a cloud function available to allUsers
小开

I know this doesn't make sense, or not a real solution but I solved it by making my account an Owner of the Firebase project. It was working nice while I was Editor but stopped working suddenly and setting my account as Owner solved it for now.

I guess it has to do with certain account having proper access to the Service Account which is the actual interface with Firebase Functions and Google Cloud API.

小开

From Cloud Function docs:

Caution: New HTTP and HTTP callable functions deployed with any Firebase CLI lower than version 7.7.0 are private by default and throw HTTP 403 errors when invoked. Either explicitly make these functions public, or update your Firebase CLI before you deploy any new functions.

In my case the CLI version was out of date. If you currently get the 403 error, try this:

  1. Delete your Cloud Functions
  2. Update Firebase CLI npm install -g firebase-tools
  3. Re-deploy your functions
小开

If you face this in 2020 it might also be due to a different access behaviour:

Note: As of January 15, 2020, HTTP functions require authentication by default. You can specify whether a function allows unauthenticated invocation at or after deployment.

https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation

小开

In my case, I made error in Postman when I typed Body of Request, I didn't switched format from Text to JSON.

Check that part.

小开

This might be far fetched but if you have interrupted a cloud function deployment, then redeployed the function (which lead to an error), and after that you redeployed the function successfully this could have caused the issue.

I am trying to reproduce, but simple deleting the function in the firebase console and redeploying worked for me.

小开

To be clear:

  1. Go to your function (make sure your project is selected):

https://console.cloud.google.com/functions/details/us-central1/ssr

  1. Click Permissions Tab
  2. Click Add Permissions
  3. New Principals: allUsers
    Role: Cloud Functions Invoker

Done.

J

小开

Enable access from Postman project:

  1. Open https://console.cloud.google.com/functions
  2. Open cloud shell (right top terminal icon)
  3. Write: gcloud auth print-identity-token
  4. Copy your token and open your Posman
  5. Right click on your collection -> Edit
  6. Authorization -> Choose type OAuth 2.0
  7. Paste your token in the Access Token

Note: You can do the same for a single request or folder.

小开

Here are the steps

  • Go the Google Cloud Console(Not Firebase Console) -> Search For Cloud Functions to see the list of functions
  • Click the checkbox next to the function to which you want to grant access.
  • Click Permissions at the top of the screen. The Permissions panel opens.
  • Click Add principal.
  • In the New principals field, type allUsers.
  • Select the role Cloud Functions > Cloud Functions Invoker from the
  • Select a role drop-down menu.
  • Click Save.
小开

it happens to me after i upgraded all NPM packages and then deployed... i delete all the functions from the cloude and re-deplyed them. it solve me this error immediately. without change permisions or any other cahnge


提交答案