Requests for referrer are blocked when trying to sign in anonymously to Firebase

I’m trying to sign in anonymously from a Web app using the JS SDK and it works great on some environments, but on one environment, the exact same code that’s working elsewhere is giving me a 403:

(index):64 {"error":{"code":403,"message":"Requests from referer https://myapp.firebaseapp.com/ are blocked.","errors":[{"message":"Requests from referer https://myapp.firebaseapp.com/ are blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}}

Yet I think I checked everything is the same in all environments: anonymous authentication is enabled and my web app is on Firebase Hosting so the code should be environment-independent.

Any idea where else this could come from?

It seems like you have set some referrer restrictions on your API key. You need to go to the Google Cloud Console and modify these restrictions on your API key.

This helped for me:

console cloud google -> APIs & services -> credentials -> click on: browser key (auto created by firebase) -> application restrictions: none & API restrictions: don’t restrict key.

Now your API won’t block any requests. I hope this works!

Go to your Firebase console – Authentication.

Find your Authorized domains and copy them.

Go to Google Cloud Platform and find the Browser key (auto created by Firebase).

Add the previously copied domains to the HTTP referrers.
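A way to check the domain-copying fix above before saving the key, as an added example that is not part of the original answers: it extracts the blocked referrer from the 403 body in the question and lists the Authorized domains that no referrer pattern covers. The function names and the domain and pattern lists are constructed, and the wildcard matching is a simplified approximation of the console's behaviour, not Google's own matcher.

```javascript
// Added example: function names are hypothetical; the wildcard matching is a
// simplified approximation of "HTTP referrers" patterns (assumption).

// Constructed sample: the 403 body quoted in the question.
const SAMPLE_BODY = JSON.stringify({ error: { code: 403,
  message: "Requests from referer https://myapp.firebaseapp.com/ are blocked.",
  status: "PERMISSION_DENIED" } });

// Return the blocked referrer from such a body, or null for any other error.
function blockedReferrer(body) {
  const err = (typeof body === "string" ? JSON.parse(body) : body).error;
  if (!err || err.code !== 403 || err.status !== "PERMISSION_DENIED") return null;
  const m = /^Requests from referer (\S+) are blocked\.$/.exec(err.message || "");
  return m ? m[1] : null;
}

// Compile a pattern such as "*.example.com/*" into an anchored RegExp.
// "*" in the host part never crosses "/", so a path cannot imitate a host.
function patternToRegExp(pattern) {
  const esc = (s, star) =>
    s.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, star);
  const [, scheme, host, path] = /^(https?:\/\/)?([^/]*)(\/.*)?$/i.exec(pattern);
  const src = (scheme || "https?://") + esc(host, "[^/]*") +
    (path ? esc(path, ".*") : "/?");
  return new RegExp("^" + src + "$", "i");
}

function isAllowed(referrer, patterns) {
  return patterns.some((p) => patternToRegExp(p).test(referrer));
}

// Authorized domains whose root URL is not covered by any referrer pattern.
function uncoveredDomains(authorizedDomains, patterns) {
  return authorizedDomains.filter((d) => !isAllowed(`https://${d}/`, patterns));
}

// Constructed inputs: domains as copied from Authentication, patterns on the key.
const domains = ["localhost", "myapp.firebaseapp.com", "myapp.web.app"];
const patterns = ["myapp.web.app/*", "https://*.example.com/*"];
console.log("blocked:", blockedReferrer(SAMPLE_BODY));
console.log("missing from key:", uncoveredDomains(domains, patterns));
```
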

solution for

I set my app on google cloud platform to “http referrers” and was trying to access a file in Firebase storage. When I’m not logged in, the file could not be visited.
I found here and then googled referrer restrictions firebase storage.

my solution

I see there are security rules for Firebase storage in the official docs. I checked the rule and it was by default allow read, write: if request.auth != null;. I changed it to allow write: if request.auth != null; allow read: if true;

Then everything worked.


To make it work I’ve added the following “website restrictions” for my “Browser key”:


The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .
