M.K. Kim

Reputation: 531

(firebase functions) Error: Forbidden Your client does not have permission to get URL /

I have a problem when invoking a deployed function in Firebase. I have an editor role in the Firebase project, and when I deployed functions, I didn't have any problem with invoking them. When I deployed a new function yesterday, I got an error message that says:

Error: Forbidden

Your client does not have permission to get URL / < Function Name > from this server.

Nothing has changed in my role. It is strange that since yesterday, whatever function I deploy throws those errors.

In the GCP console under Cloud Functions, where you can see the permissions of the selected function, I've noticed that "Cloud Functions Invoker" was not assigned to that function. I thought this should be added to any function by default as long as I have editor access, but strangely it does not add it anymore. Other functions that were deployed since yesterday have the same issue.

Any suggestions or advice will be appreciated. Thank you.

Upvotes: 19

Views: 19022

Answers (6)

rdchambers

Reputation: 1436

I defined my Firebase cloud functions in TypeScript/JS and deploy using the Firebase CLI. I got this error after customizing the deployment settings, and I fixed it by specifying invoker="public". I did not need to dig into IAM settings or use the console or CLI to fix it.

import * as functions from "firebase-functions";

export const serve = functions
  .region("us-west2")
  .runWith({
    invoker: "public", // this is the magic line
  })
  .https.onRequest(
    async (request: functions.Request, response: functions.Response) => {
      // ...
    }
  );

Upvotes: 3

smoore4

Reputation: 4866

To allow unauthenticated invocation of a function, you add the special allUsers member id to the function and grant it the Cloud Functions Invoker role:

You can limit domain access in your function, for example:

exports.myTest = async (req, res) => {
  // Set the CORS header naming the origin allowed to read the response
  res.set('Access-Control-Allow-Origin', 'foo.com');
  // ...etc
};

Upvotes: 3

Ben Butterworth

Reputation: 28818

Unfortunately, you can't do this in Firebase, you have to go into the Google Cloud project which 'hosts' your firebase project. You can follow this guide by Google, and have a look at the screenshots below:

You should see Allow unauthenticated now

Upvotes: 8

M.K. Kim

Reputation: 531

So here's the answer from the Firebase team:

> The issue you are experiencing is likely caused by the fact that after January 15, 2020, Google Cloud Functions automatically creates HTTP functions to be private by default.
>
> Please update the CLI by running the following command:
>
> npm install -g firebase-tools
>
> This will ensure that future HTTP functions that are created will be publicly accessible.
>
> Lastly, for the existing functions that have the permission issues, you will need to manually set a function to public using Cloud Console or gcloud CLI.
>
> If you have any questions or you are still facing this issue, please don’t hesitate to write back.

Edited: there could be several reasons for this issue.

  1. Check your function endpoint URL and make sure there's no typo or space
  2. In the GCP console, make sure you have permission to invoke the function: https://console.cloud.google.com/functions/list?project=<YOUR_PROJECT_ID>
  3. If the above two are checked, delete your function and redeploy it again

Upvotes: 8
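
Added example (not part of the original answers or the Firebase team's reply): a small Node.js check that takes a function's IAM policy, in the JSON shape printed by `gcloud functions get-iam-policy <name> --format=json`, and reports who holds the Cloud Functions Invoker role. The function names `invokerExposure` and `report` are hypothetical, and the policies are constructed samples.

```javascript
// Role shown in the console as "Cloud Functions Invoker".
const INVOKER_ROLE = "roles/cloudfunctions.invoker";

// Classify who may call a function over HTTP from its function-level IAM policy.
// Grants inherited from the project are not part of this policy and are not seen here.
function invokerExposure(policy) {
  const members = new Set();
  for (const binding of (policy && policy.bindings) || []) {
    if (binding.role !== INVOKER_ROLE) continue;
    for (const member of binding.members || []) members.add(member);
  }
  let level = "private"; // nobody listed: unauthenticated calls get 403 Forbidden
  if (members.has("allUsers")) level = "public"; // no authentication required
  else if (members.has("allAuthenticatedUsers")) level = "any-google-account";
  else if (members.size > 0) level = "restricted"; // named principals only
  return { level, members: [...members].sort() };
}

// Turn the classification into a finding a reviewer can act on.
function report(name, policy) {
  const { level, members } = invokerExposure(policy);
  if (level === "private") {
    return `${name}: no invoker binding; unauthenticated requests return 403`;
  }
  if (level === "public") {
    return `${name}: allUsers can invoke; the handler must do its own authorization`;
  }
  return `${name}: invoke limited to ${members.join(", ")}`;
}

// Constructed sample policies (not taken from any real project).
const SAMPLES = {
  newlyDeployed: { etag: "constructed", version: 1 },
  madePublic: { version: 1, bindings: [{ role: INVOKER_ROLE, members: ["allUsers"] }] },
  serviceOnly: {
    version: 1,
    bindings: [
      { role: "roles/cloudfunctions.viewer", members: ["user:dev@example.com"] },
      { role: INVOKER_ROLE, members: ["serviceAccount:caller@example-project.iam.gserviceaccount.com"] },
    ],
  },
};

for (const [name, policy] of Object.entries(SAMPLES)) console.log(report(name, policy));
```

Running the same check across every function in a project gives a quick inventory of which endpoints are reachable without credentials after setting `invoker: "public"` or adding `allUsers`.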

Stanislau Buzunko

Reputation: 1831

Updating firebase-tools wasn't enough in my case because I had already deployed that function, and updating it didn't fix the issue. I had to delete it and deploy again.

Upvotes: 4

Chintan Mehta

Reputation: 101

As of January 15, 2020, HTTP functions require authentication by default. You can specify whether a function allows unauthenticated invocation at or after deployment.

Upvotes: 10
