Spiral Out
Reputation: 1155
Protect Firebase functions without auth
Is it possible to protect firebase http triggered functions without auth and accept calls only from my firebase hosted app?
I want my web app to call firebase functions with unauthenticated users but I don't want this functions to be accessible from anywhere else.
Upvotes: 1
Views: 745
Answers (1)
Doug Stevenson
Reputation: 317467
This is not possible to enforce. All of your HTTP functions are accessible by all other clients out there, regardless of where they are in the world (unless something in their network is blocking them).
You could certainly make an attempt to guess if a request did not originate from your web site (by looking at the referrer header), but that information can be easily spoofed by an attacker.
Upvotes: 2
Related Questions
- How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
- Firebase functions: Securing firebase https functions
- Protect Firebase callable functions from man in the middle
- Securing Firebase Cloud Function HTTP Endpoint
- How can I restrict access to my cloud functions?
- Is there a way to protect Firebase Cloud Functions being called from intruders without user authentication?
- Is there a way to restrict public access from firebase callable could functions
- Securing Firebase HTTP onCall-Functions
- authenticated access to Firebase REST API within cloud functions
- How to secure Firebase account etc. from user actions?