Firebase cloud function "Your client does not have permission to get URL /200 from this server"
FirebaseGoogle Cloud-FunctionsFirebase Problem Overview
I just made a firebase cloud function :
exports.deleteAfterSevenDays = functions.https.onRequest((req, res) => {...
I deployed the function and got a function URL. When I request this url from my browser I get the following message :
> "Error: Forbidden Your client does not have permission to get URL /200 > from this server."
I have just updated to firebase Blaze plan because I thought there were limitations with Spark plan, but it still doesn't work.
In my firebase cloud function logs it is written "Function execution took 572 ms, finished with status code: 302".
My cron job "has been disabled automatically because of too many failed executions".
Do you see what's wrong?
Firebase Solutions
Solution 1 - Firebase
Cloud function should have a role with member called "All users" to invoke this function from anywhere/anyone irrespective of an authorization.
Without Authorization:
- Go to the cloud function tab
- Select your cloud function (check box)
- Click "Add members" under Permissions tab in the right side
- Enter "allUsers" under "New memebers"
- Select Role as "Cloud Functions -> Cloud Functions Invoker"
- Save
- Test your cloud function by just pasting it in the browser
With Authorization:
It's always a good practice to set authorization on your cloud functions
Note: Cloud functions throwing error with "403 Forbidden - Your client does not have permission to get URL" should be called by authorized users.
Simple test:
-
Click on Cloud shell(icon) terminal in the top
-
type - gcloud auth print-identity-token
-
copy the generated token
-
forming Authorization key to be passed while calling cloud function 4.1 Authorization: bearer generated_token
-
Use above Authorization key while calling your cloud function
Note:
- Never make a cloud function available to allUsers
Solution 2 - Firebase
From Cloud Function docs:
> Caution: New HTTP and HTTP callable functions deployed with any > Firebase CLI lower than version 7.7.0 are private by default and throw > HTTP 403 errors when invoked. Either explicitly make these functions > public, or update your Firebase CLI before you deploy any new > functions.
In my case the CLI version was out of date. If you currently get the 403 error, try this:
- Delete your Cloud Functions
- Update Firebase CLI
npm install -g firebase-tools
- Re-deploy your functions
Solution 3 - Firebase
To be clear:
- Go to your function (make sure your project is selected):
https://console.cloud.google.com/functions/details/us-central1/ssr
- Click Permissions Tab
- Click Add Permissions
- New Principals:
allUsers
Role:Cloud Functions Invoker
Done.
J
Solution 4 - Firebase
If you face this in 2020 it might also be due to a different access behaviour:
> Note: As of January 15, 2020, HTTP functions require authentication by > default. You can specify whether a function allows unauthenticated > invocation at or after deployment.
Solution 5 - Firebase
Changing the IAM role(Cloud Functions Invoker) for targeted cloud function to allUsers should solve this issue. https://console.cloud.google.com/functions
Solution 6 - Firebase
This might be far fetched but if you have interrupted a cloud function deployment, then redeployed the function (which lead to an error), and after that you redeployed the function successfully this could have caused the issue.
I am trying to reproduce, but simple deleting the function in the firebase console and redeploying worked for me.
Solution 7 - Firebase
Enable access from Postman project:
- Open https://console.cloud.google.com/functions
- Open cloud shell (right top terminal icon)
- Write:
gcloud auth print-identity-token
- Copy your token and open your Posman
- Right click on your collection -> Edit
- Authorization -> Choose type
OAuth 2.0
- Paste your token in the Access Token
Note: You can do the same for a single request or folder.
Solution 8 - Firebase
Here are the steps
- Go the Google Cloud Console(Not Firebase Console) -> Search For Cloud Functions to see the list of functions
- Click the checkbox next to the function to which you want to grant access.
- Click Permissions at the top of the screen. The Permissions panel opens.
- Click Add principal.
- In the New principals field, type allUsers.
- Select the role Cloud Functions > Cloud Functions Invoker from the
- Select a role drop-down menu.
- Click Save.
Solution 9 - Firebase
it happens to me after i upgraded all NPM packages and then deployed... i delete all the functions from the cloude and re-deplyed them. it solve me this error immediately. without change permisions or any other cahnge
Solution 10 - Firebase
I know this doesn't make sense, or not a real solution but I solved it by making my account an Owner
of the Firebase project. It was working nice while I was Editor
but stopped working suddenly and setting my account as Owner
solved it for now.
I guess it has to do with certain account having proper access to the Service Account
which is the actual interface with Firebase Functions and Google Cloud API.
Solution 11 - Firebase
In my case, I made error in Postman when I typed Body of Request, I didn't switched format from Text to JSON.
Check that part.