firebase-functions icon indicating copy to clipboard operation
firebase-functions copied to clipboard

Published 20 hours ago verified publisher icon firebase

Add HSTS headers to response of callable functions

Open mbleigh opened this issue 4 years ago • 3 comments

Since we want .onCall functions to be HTTPS-only, we should restrict them via HSTS headers.

mbleigh avatar Feb 16 '21 22:02 mbleigh

Hi there, is there any news on this feature request?

joaoaguiam avatar Sep 09 '21 07:09 joaoaguiam

Yes please, this is important. Please make this feature available for everyone.

PS ~ Please make Cloud Functions available on the spark plan. It's really necessary as I'm not an enterprise developer.

shauryaaher avatar Sep 10 '21 08:09 shauryaaher

I'm not security friendly, so apologies if I'm wrong, but since functions are not web pages and are never opened directly by the user, isn't there a need to enable HSTS?

ishowta avatar Feb 02 '23 07:02 ishowta