user1872384
user1872384

Reputation: 7147

How to secure firebase https function?

I have a firebase https function:

exports.updateDatabase = functions.https.onRequest((req, res) => {
  // ...
});

Which can be called via: https://us-central1-xxx-xxx.cloudfunctions.net/date

Does it mean that anyone with this url is able to update the database?

Is there a way to secure it when calling it from browser?

Upvotes: 0

Views: 197

Answers (1)

Doug Stevenson
Doug Stevenson

Reputation: 317868

You can't stop the function from being invoked by anyone who knows the URL.

You can stop the function from doing something harmful by only allowing it to perform its intended action by requiring that an authenticated user call it, assuming you trust that user.

There is an example of requiring authentication in the official code samples here.

Upvotes: 2

Related Questions