Mujtaba Fadhil

Reputation: 6116

Sudden error (403-Forbidden) on Firestore calls

I have this simple code using Firestore-PHP:

<?php

require 'vendor/autoload.php';
use Google\Cloud\Firestore\FirestoreClient;

putenv('GOOGLE_APPLICATION_CREDENTIALS='.realpath("key.json"));

$db = new FirestoreClient();

$docRef = $db->collection('orders')->document('1562292363537');
$snapshot = $docRef->snapshot();

?>

All my PHP calls to Firestore started getting this error suddenly: (403:Forbidden)

Uncaught Google\Cloud\Core\Exception\ServiceException: {
    "message": "403:Forbidden",
    "code": 14,
    "status": "UNAVAILABLE",
    "details": [
        {
            "@type": "content-length",
            "data": "0"
        },
        {
            "@type": "date",
            "data": "Sun, 12 Dec 2021 00:00:36 GMT"
        },
        {
            "@type": "alt-svc",
            "data": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\""
        }
    ]

I'm having this issue with two different projects, and using the latest Google-Cloud-SDK available.

I tried to create a new service account key with full permissions, but there's no benefit.


This error started at the same time App Check started showing this graph:

Although App Check is Unenforced in the settings.

Is there any way to fix this issue, please?

Upvotes: 2

Views: 1407

Answers (3)

eDriven_Levar

Reputation: 396

I just ran into this problem. It was related to using an outdated firebase-admin package. Apparently without warning Google has outdated v8 and lower. You will need to upgrade your package to the latest.

npm i firebase-admin@latest

Upvotes: 1

Robert G

Reputation: 2045

From your screenshot, the errors are due to outdated client requests. Check the libraries you're using and make sure they're updated, according to this link on how to enable App Check in web apps.

Here are some guidelines that could be helpful for you:

  • If almost all of the recent requests are from verified clients, consider enabling enforcement to start protecting your backend resources.
  • If a significant portion of the recent requests are from likely-outdated clients, to avoid disrupting users, consider waiting for more users to update your app before enabling enforcement. Enforcing App Check on a released app will break prior app versions that are not integrated with the App Check SDK.
  • If your app hasn't launched yet, you should enable App Check enforcement immediately, since there aren't any outdated clients in use.

Upvotes: 0

Greg Fenton

Reputation: 2808

Just a guess as I haven't seen it before but I suspect the "Unenforced" in the status of RTDB and Cloud Firestore are because of lax or missing Rules.

Ensure you have Rules set, and that they don't leave your database "wide open" from a security standpoint.

For example, if you have allow read, write: if true; then your database is "wide open". At the very least you want to enforce that users be authenticated with something like: allow read, write: if request.auth.uid != null;

(Note: you can still allow Anonymous users to access your app by enabling Anonymous Authentication in Firebase Auth. Anonymous Firebase Auth users are still using "authenticated" requests.)

Upvotes: 0
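
The two rules mentioned in the answer above, written out as a complete Firestore rules file with a tighter per-owner variant (an added example, not part of the original answer or of Firebase's own samples). The orders collection is taken from the question; the ownerUid field is a hypothetical name assumed for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK, shown commented out: every client can read and write every document.
    // match /{document=**} {
    //   allow read, write: if true;
    // }

    // MINIMUM from the answer, shown commented out: any signed-in user
    // (anonymous sign-in included) can still read and write every document.
    // match /{document=**} {
    //   allow read, write: if request.auth != null;
    // }

    // Rules are additive: if any matching allow statement grants a request,
    // it is granted. Leaving either block above active would therefore
    // override the narrower rules below.

    // TIGHTER: a user may only touch orders that carry their own uid.
    // ownerUid is an assumed field name, not something the page defines.
    match /orders/{orderId} {
      function signedIn() {
        return request.auth != null;
      }
      function owns(data) {
        return signedIn() && data.ownerUid == request.auth.uid;
      }

      // Queries must filter on ownerUid == the caller's uid to satisfy this.
      allow read: if owns(resource.data);

      // New orders must be created under the caller's own uid.
      allow create: if owns(request.resource.data);

      // Updates may not hand the order to a different owner.
      allow update: if owns(resource.data)
                    && request.resource.data.ownerUid == resource.data.ownerUid;

      // Clients never delete orders; leave that to trusted server code.
      allow delete: if false;
    }
  }
}
```

Security Rules are evaluated for requests from the mobile and web client SDKs. Server client libraries that authenticate with a service account, such as the PHP client in the question, bypass them and are governed by IAM instead.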
