-
Notifications
You must be signed in to change notification settings - Fork 885
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OPTIONS installations/***/authTokens:generate request causes CORS error #2467
Comments
Thank you @ctavan . I am having the same issue and i think its irrelevant to OS.
I don't have this problem with my MacOS Chrome and Opera browser in Ubuntu.(In these i didn't use the app quite a while)
In rest of the databases both browsers are having records. |
I have different users(and of course they have different instances) for Chrome. Both were having this issue. So i deleted firebase databases from one of them. Problem is gone for that one and receiving FCM token. But issue remains for the other one. |
Thanks for the detailed description. Unfortunately I can't reproduce this, even when (force) calling the @rommelpe could you take a look as well? |
@mmermerkaya how could I try force calling |
@mmermerkaya I just checked which version i started to use this sdk. first npm version was |
@ctavan This should do it: import firebase from "firebase/app";
import "firebase/installations";
const app = firebase.initializeApp({/* your config */});
const installations = app.installations();
installations.getToken(/* forceRefresh= */ true); Installations SDK reference docs can be found here. @GoktuqCan Thanks! I'll try that. |
Hi I have the same issue and to be honest its a huge problem now as I get a lot of support requests from users. On Friday/Saturday, it stopped working same error Access to fetch at 'https://firebaseinstallations.googleapis.com/v1/projects/coral-ring-XXXX/installations/XXXXXXX/authTokens:generate' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. *it's an error from localhost but I have the same error in production Request URL: https://firebaseinstallations.googleapis.com/v1/projects/coral-ring-XXXX/installations/XXXXX/authTokens:generate Mac OS / Chrome 78 firebase@7.6.0 Update 1: Just tried @7.6.1 - same problem (obviously) Update 2: Tried on a new machine - works fine. (I still have 500 (Delete token call to FCM) when manually change notification settings to ask but it works |
In my app I've added Firebase (with angular/fire) but other than initialization and call for performance module it does nothing related to database or other services (no storage, auth...etc). Yet I'm getting same error. If I open browser in incognito mode works fine, or delete cache it works again but some time later get that error again. It's a PWA and testers already installed to their phones, which is a problem. UPDATE: UPDATE 2 |
I have the same problem. |
I confirm this issue. It did not happended about 7 days before. The problem occurs only some day ago.
|
Facing same issue if anyone found a workaround in the mean time please let all of us know. BTW works on Firefox for me, not Chrome tho. |
@bogacg the Stack Overflow answer you have posted does not seem to be related: In the project where I see the error I use unrestricted API Keys, so this can't be the issue. |
@mmermerkaya I still see the same error with your minimal reproduction code (calling |
Same error here. Happens on Firefox and Chrome 79. I'm on Windows 10. Deleting the The indexedDB contained this before deleting it:
|
Same here. @Christilut is right, deleting |
I tried and this works. Need a fix from the source code for other clients. |
Experiencing the same issue: Operating System version: Windows 10 |
same issue with FCM in react.js application
|
I'm getting this problem on OSX with Chrome 79.0.3945.88 (Official Build) (64-bit). I am using Angular with firebase 7.6.1 and @angular/fire 5.2.3. Here is the error
|
We have resolved it by using older versions of sdk <script src="https://www.gstatic.com/firebasejs/7.5.2/firebase-app.js"></script>
<script src="https://www.gstatic.com/firebasejs/7.5.2/firebase-messaging.js"></script> |
@springfirenator is that the latest version that does not have that error and can we still use analytics, remote config, and performance? |
@shadow1349 I guess you can use analytics of same version. And yes, the latest builds 7.6.0 and 7.6.1 produce these errors. <script src="https://www.gstatic.com/firebasejs/7.5.2/firebase-analytics.js"></script> |
I was having exactly the same problem mentioned in the issue. |
@adarshmadrecha Not really the same thing, error we are seeing this time occurs even if app already has unrestricted access. SDK changes with version 7.6.0 and service changes which we can't know about are causing this. This is a bad practice on Google's part making breaking changes without properly informing their ecosystem both external and internal (it seems SDK developers aren't sure what's going on with the servers and can't make proper changes to their code) |
Thanks @springfirenator
npm users also have to do an uninstall and fallback to previous version as follows: |
Despite falling back to v7.5.2 I'm still having issues 🤷♂️🤦♂️ Update: App seems to work fine on default given Update 2: I've waited 1 hour after deletion of custom domain, then re-added. On Windows 10 Chrome PWA did not present any error. On Android errors kept coming and I had to clean browser cache. After that it worked as expected. |
I'm hosting two websites with different domains in the same Firebase Hosting project. Both websites worked just fine until I noticed that today one of them - WEBSITETWO - started to complain:
Both websites are built upon Gatsby. Falling back to Firebase v7.5.2 for WEBSITTWO didn't help 👎 UPDATE: So I think we're all good now :) |
This not work for me... |
I've also whitelisted my two domains, restricting the API keys to work only from those two domains. Maybe that helped? Before that, my key was unrestricted regarding the clients. My backend services are unrestricted. |
I had to use the code above to fix the error. Google needs to be more careful with that kind of update. I shall wait for any further updates before using the latest Firebase version. |
I had the same issue with firebase ^7.6.0. I can send messages to saved tokened devices but after i run messaging.getToken() and get authentication error this devices only can't receive this notification. Downgrade to version 7.5.2 solve my issue. I hope firebase solve this issue. |
Donwgrading to 7.5.2 solved my issue too. On my project I use only the authentication. It was working ok. I stoped working on my project for 5 days (more or less). It was working good, but then today I got this error. |
Downgrading to 7.5.2 worked for me, too. I had trouble getting new messaging tokens. As far as I know, auth still worked. Refreshing the messaging token failed with the error mentioned in the OP and then kept calling the callback, causing high CPU usage + broke notifications. |
Downgrading to The only difference that I could spot in the 7.5.2:
7.6.1:
@mmermerkaya does this make any sense? |
This could be the offending change: https://github.com/firebase/firebase-js-sdk/pull/2400/files#diff-ca22055c1f9e65be7e6caae4a4824412R42-R49 |
Same problem here. It worked for a few days, but now I'm also encountering this issue. I am also on Looking forward to a fix, because without it, I am unable to use FCM at all :/ |
Hey everyone, thanks for the investigation and sorry for the silence from our part. Things have been a little slow because of the holiday season. I've reported this to our backend team a few days ago and I'm currently waiting for them to investigate this. |
This error might have been introduced by #2400 which adds a new (not standard) request-header to the FIS SDK. Browsers may block these requests if the receiving server does not send the appropriate CORS header. |
Hi all, I think I encounter the same problem firebase version: 7.6.1
cors issue.... |
I found that this issue only affects |
Sorry to everyone who's been experiencing this issue. Our backend team has just checked in a change to allow these headers. I'll let you know when it's rolled out. |
The fix should be in production since ~ 1pm PT. |
@GoktuqCan , @aetbaev , @cosmospham , @Christilut , @patrickmichalina , @Domiii : The FIS library was working fine until #2400 introduced an additional header being sent to Firebase without enabling CORS headers on server-side for this new (not standard) request-header. |
@andirayo I can confirm that I no longer observe the error. Thanks for the fix! 👍 |
Describe your environment
Describe the problem
I believe this is the same issue that others are observing in #2364 (comment)
I seem to be running into an edge case where the
OPTIONS
request tohttps://firebaseinstallations.googleapis.com/v1/projects/***/installations/***/authTokens:generate
results in a CORS error.Here's the situation: I have a firebase web app running since quite a while.
If I visit my web app with a new incognito window then a successful POST request to
https://firebaseinstallations.googleapis.com/v1/projects/***/installations
is issued:Resulting in an IndexedDB entry that looks like this:
All good in that case!
However, in my regular browser I have an issue. I cannot reproduce how the browser got into the current state, but the
firebase-installations-store
table in the local IndexedDB looks like this:I believe the relevant part is the empty
authToken
. This will result in an OPTIONS request tohttps://firebaseinstallations.googleapis.com/v1/projects/***/installations/***/authTokens:generate
which results in a 403 response and (since no CORS-headers are present) in a CORS error printed to the Chrome console:I am not sure whether this is an issue on the server side or in the client code that does not gracefully handle the CORS error. But since others seem to be reporting this recently, I believe it should be investigated.
Steps to reproduce:
I have a hard time reproducing the issue since it depends on the contents of the local IndexedDB, see above.
Relevant Code:
See above.
The text was updated successfully, but these errors were encountered: