user1872384
Reputation: 7147
How to secure firebase https function?
I have a firebase https function:
exports.updateDatabase = functions.https.onRequest((req, res) => {
// ...
});
Which can be called via: https://us-central1-xxx-xxx.cloudfunctions.net/date
Does it mean that anyone with this url is able to update the database?
Is there a way to secure it when calling it from browser?
Upvotes: 0
Views: 197
Answers (1)
Doug Stevenson
Reputation: 317868
You can't stop the function from being invoked by anyone who knows the URL.
You can stop the function from doing something harmful by only allowing it to perform its intended action by requiring that an authenticated user call it, assuming you trust that user.
There is an example of requiring authentication in the official code samples here.
Upvotes: 2
Related Questions
- Firebase functions: Securing firebase https functions
- how to Invoke a firebase callable function from firebase https function with authentication?
- passing sensitive information to Firebase Cloud Functions using parameters
- Firebase Cloud Functions: TLS Certificate
- Asynchronous https firebase functions
- Is firebase functions http requests secure
- Make HTTPS call within Firebase Function
- Securing Firebase HTTP onCall-Functions
- Parameters in Firebase Cloud Functions HTTPS
- how to use firebase https trigger functions