Firebase cloud function "Your client does not have permission to get URL /200 from this server"

I just made a firebase cloud function :

exports.deleteAfterSevenDays = functions.https.onRequest((req, res) => {...

I deployed the function and got a function URL. When I request this url from my browser I get the following message :

> "Error: Forbidden Your client does not have permission to get URL /200 > from this server."

I have just updated to firebase Blaze plan because I thought there were limitations with Spark plan, but it still doesn't work.

In my firebase cloud function logs it is written "Function execution took 572 ms, finished with status code: 302".

My cron job "has been disabled automatically because of too many failed executions".

Do you see what's wrong?

Cloud function should have a role with member called "All users" to invoke this function from anywhere/anyone irrespective of an authorization.

Without Authorization:

1. Go to the cloud function tab
2. Select your cloud function (check box)
3. Click "Add members" under Permissions tab in the right side
4. Enter "allUsers" under "New memebers"
5. Select Role as "Cloud Functions -> Cloud Functions Invoker"
6. Save
7. Test your cloud function by just pasting it in the browser

With Authorization:

It's always a good practice to set authorization on your cloud functions

Note: Cloud functions throwing error with "403 Forbidden - Your client does not have permission to get URL" should be called by authorized users.

Simple test:

1. Click on Cloud shell(icon) terminal in the top

2. type - gcloud auth print-identity-token

3. copy the generated token

4. forming Authorization key to be passed while calling cloud function 4.1 Authorization: bearer generated_token

5. Use above Authorization key while calling your cloud function

Note:

1. Never make a cloud function available to allUsers

From Cloud Function docs:

> Caution: New HTTP and HTTP callable functions deployed with any > Firebase CLI lower than version 7.7.0 are private by default and throw > HTTP 403 errors when invoked. Either explicitly make these functions > public, or update your Firebase CLI before you deploy any new > functions.

In my case the CLI version was out of date. If you currently get the 403 error, try this:

1. Delete your Cloud Functions
2. Update Firebase CLI npm install -g firebase-tools
3. Re-deploy your functions

To be clear:

1. Go to your function (make sure your project is selected):

https://console.cloud.google.com/functions/details/us-central1/ssr

2. Click Permissions Tab
3. Click Add Permissions
4. New Principals: allUsers
   Role: Cloud Functions Invoker

Done.

J

If you face this in 2020 it might also be due to a different access behaviour:

> Note: As of January 15, 2020, HTTP functions require authentication by > default. You can specify whether a function allows unauthenticated > invocation at or after deployment.

https://cloud.google.com/functions/docs/securing/managing-access-iam#allowing_unauthenticated_function_invocation

Changing the IAM role(Cloud Functions Invoker) for targeted cloud function to allUsers should solve this issue. https://console.cloud.google.com/functions

This might be far fetched but if you have interrupted a cloud function deployment, then redeployed the function (which lead to an error), and after that you redeployed the function successfully this could have caused the issue.

I am trying to reproduce, but simple deleting the function in the firebase console and redeploying worked for me.

Enable access from Postman project:

1. Open https://console.cloud.google.com/functions
2. Open cloud shell (right top terminal icon)
3. Write: gcloud auth print-identity-token
4. Copy your token and open your Posman
5. Right click on your collection -> Edit
6. Authorization -> Choose type OAuth 2.0
7. Paste your token in the Access Token

Note: You can do the same for a single request or folder.

Here are the steps

• Go the Google Cloud Console(Not Firebase Console) -> Search For Cloud Functions to see the list of functions
• Click the checkbox next to the function to which you want to grant access.
• Click Permissions at the top of the screen. The Permissions panel opens.
• Click Add principal.
• In the New principals field, type allUsers.
• Select the role Cloud Functions > Cloud Functions Invoker from the
• Select a role drop-down menu.
• Click Save.

it happens to me after i upgraded all NPM packages and then deployed... i delete all the functions from the cloude and re-deplyed them. it solve me this error immediately. without change permisions or any other cahnge

I know this doesn't make sense, or not a real solution but I solved it by making my account an Owner of the Firebase project. It was working nice while I was Editor but stopped working suddenly and setting my account as Owner solved it for now.

I guess it has to do with certain account having proper access to the Service Account which is the actual interface with Firebase Functions and Google Cloud API.

In my case, I made error in Postman when I typed Body of Request, I didn't switched format from Text to JSON.

Check that part.