英文:
Why does Angular Fire / Firebase Deny my Web App Check Request Even with the Debug Token Setup for Local Development?
问题
AngularFire / Firebase 调试令牌问题
在我的 app.module.ts
:
import <各种导入>...
declare global {
// eslint-disable-next-line no-var
var FIREBASE_APPCHECK_DEBUG_TOKEN: boolean | string | undefined;
}
self.FIREBASE_APPCHECK_DEBUG_TOKEN = environment.appCheckDebug; // 设置为在 Firebase 控制台中与 App-Check 注册的 <debugToken>
@NgModule({
declarations: [<组件声明>...],
imports: [
<ng 材料模块导入>...,
provideFirebaseApp(() => initializeApp(environment.firebaseConfig)),
provideAppCheck(() =>
initializeAppCheck(getApp(), {
provider: new ReCaptchaV3Provider(environment.recaptchaSiteKey),
isTokenAutoRefreshEnabled: true,
})
),
provideFirestore(() => getFirestore()),
provideStorage(() => getStorage()),
provideAnalytics(() => initializeAnalytics(getApp())),
<serviceworker 模块>],
providers:[],
bootstrap:[AppComponent]
})
export class AppModule{}
问题似乎是对 https://content-firebaseappcheck.googleapis.com/v1/projects/<projectId>/apps/<appId>:exchangeDebugToken?key=<firebaseAPIKey>
的 POST 请求。
请求体:
{"debug_token":"<debugToken>"}
响应:
{
"error": {
"code": 403,
"message": "阻止来自引用者 http://localhost:8080/ 的请求。",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_HTTP_REFERRER_BLOCKED",
"domain": "googleapis.com",
"metadata": {
"service": "firebaseappcheck.googleapis.com",
"consumer": "projects/<redact>"
}
}
]
}
}
当我尝试通过 Postman 发送带有 Firebase 主机 URL 的 Referer 标头的 POST 请求时,成功了。我以为调试令牌应该可以避免需要来自本地主机上项目 URL 的请求,所以我很困惑。
英文:
AngularFire / Firebase Debug Token Issues
In my app.module.ts
:
import <various imports>...
declare global {
// eslint-disable-next-line no-var
var FIREBASE_APPCHECK_DEBUG_TOKEN: boolean | string | undefined;
}
self.FIREBASE_APPCHECK_DEBUG_TOKEN = environment.appCheckDebug; // set to <debugToken> that registered with App-Check in Firebase Console
@NgModule({
declarations: [<component decs>...],
imports: [
<ng material module imports>...,
provideFirebaseApp(() => initializeApp(environment.firebaseConfig)),
provideAppCheck(() =>
initializeAppCheck(getApp(), {
provider: new ReCaptchaV3Provider(environment.recaptchaSiteKey),
isTokenAutoRefreshEnabled: true,
})
),
provideFirestore(() => getFirestore()),
provideStorage(() => getStorage()),
provideAnalytics(() => initializeAnalytics(getApp())),
<serviceworker module>],
providers:[],
bootstrap:[AppComponent]
})
export class AppModule{}
The issue seems to be a POST request to https://content-firebaseappcheck.googleapis.com/v1/projects/<projectId>/apps/<appId>:exchangeDebugToken?key=<firebaseAPIKey>
Request body:
{"debug_token":"<debugToken>"}
Response:
{
"error": {
"code": 403,
"message": "Requests from referer http://localhost:8080/ are blocked.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_HTTP_REFERRER_BLOCKED",
"domain": "googleapis.com",
"metadata": {
"service": "firebaseappcheck.googleapis.com",
"consumer": "projects/<redact>"
}
}
]
}
}
When I tried to add a Referer header using the Firebase hosting url through a postman POST request it was successful. I thought the debug token was supposed to get around needing the request to be from the project url on localhost, so I'm very confused.
答案1
得分: 0
参见第4个答案,涉及API密钥限制。这在我的情况下是原因。
英文:
https://stackoverflow.com/questions/69521649/how-to-use-firebase-app-check-in-react-403-error
See answer 4 regarding API key restriction. It was the cause in my case.
答案2
得分: 0
这是答案。我已经限制了我的API密钥,需要撤销限制。https://stackoverflow.com/questions/54072206/requests-for-referrer-are-blocked-when-trying-to-sign-in-anonymously-to-firebase
此外,我还遇到了这个问题,并通过以下方式解决了它:
你需要在客户端使用 await getToken()
并将其作为你的 X-Firebase-AppCheck
头部发送:
async getAppCheckToken(): Promise<string | AppCheckTokenResult | undefined> {
try {
info(this.appCheck);
this.tokenResult = (await getToken(this.appCheck)).token;
info(this.tokenResult);
} catch (err) {
error(err);
}
return this.tokenResult;
}
它将生成一个可以在 jwt.io 上检查的调试提供者 jwt,其载荷应该如下所示:
{
"sub": "<appId>",
"aud": [
"projects/<project-number>",
"projects/<project-name>"
],
"provider": "debug",
"iss": "https://firebaseappcheck.googleapis.com/<project-number>",
"exp": 1684275518,
"iat": 1684271918,
"jti": "<jwt-uuid-redacted>"
}
英文:
This was the answer. I had restricted my API Key and needed to undo that. https://stackoverflow.com/questions/54072206/requests-for-referrer-are-blocked-when-trying-to-sign-in-anonymously-to-firebase
In addition to this I had issues with this question as well, resolved it with the following:
You need to use await getToken()
in your client and send that as your X-Firebase-AppCheck
header:
async getAppCheckToken(): Promise<string | AppCheckTokenResult | undefined> {
try {
info(this.appCheck);
this.tokenResult = (await getToken(this.appCheck)).token;
info(this.tokenResult);
} catch (err) {
error(err);
}
return this.tokenResult;
}
it will generate a debug provider jwt that you can check on jwt.io, it's payload should look like the following:
{
"sub": "<appId>",
"aud": [
"projects/<project-number>",
"projects/<project-name>"
],
"provider": "debug",
"iss": "https://firebaseappcheck.googleapis.com/<project-number>",
"exp": 1684275518,
"iat": 1684271918,
"jti": "<jwt-uuid-redacted>"
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论