firebase-js-sdk icon indicating copy to clipboard operation
firebase-js-sdk copied to clipboard
verified publisher icon firebase

AppCheck not compatible with custom domains

Open grmatthews opened this issue 3 years ago • 4 comments

https://github.com/firebase/firebase-js-sdk/issues/6278 is not fixed, and the issue is closed to comments.

The browser console error I am getting is:

@firebase/app-check: FirebaseError: AppCheck: Fetch server returned an HTTP error status. HTTP status: 403. (appCheck/fetch-status-error).

The custom domain setup I have performed is:

  • I have a domain, jobsforjoe.com pointed at my Firebase app
  • Under Firebase Console / Hosting / Domains , I have 2 additional entries: -- jobsforjoe.com --- Connected (Custom) -- www.jobsforjoe.com --- Connected (Redirect -> jobsforjoe.com)
  • Under Firebase Console / Authentication / Settings / Authorized Domains I have 'jobsforjoe.com Custom'

Is this still a bug or is there something else I should be checking?

grmatthews avatar Aug 24 '22 04:08 grmatthews

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

google-oss-bot avatar Aug 24 '22 04:08 google-oss-bot

What provider are you using for AppCheck? ReCAPTCHA, ReCAPTCHA Enterprise, or custom? If you're using one of the ReCAPTCHAs, did you add all your domains in your ReCAPTCHA console?

hsubox76 avatar Aug 24 '22 17:08 hsubox76

ReCaptcha v3 (normal, not enterprise), and yes I checked the ReCaptcha keys provided are correctly configured in my app.

"did you add all your domains in your ReCAPTCHA console?" -> I have app-02-df417.web.app added. I do not have jobsforjoe.com added -- do I need to add that?

app code

const appCheck = initializeAppCheck(app, {
    // This key doesn't need to be protected - it's the 'Site key' from Google.com recaptcha setup
    provider: new ReCaptchaV3Provider("<sharable recaptcha key>"),

    // Optional argument. If true, the SDK automatically refreshes App Check
    // tokens as needed.
    isTokenAutoRefreshEnabled: true,
})

grmatthews avatar Aug 24 '22 22:08 grmatthews

Can close this. I added jobsforjoe.com to the ReCaptcha config, and it now works.

Would be good if there was a succinct list of steps to set this up, e.g.

  1. Point domain via domain name register to Firebase app.
  2. Add custom domain under Firebase Console / Hosting / Domains
  3. Add custom domain under Firebase Console / Authentication / Settings / Authorized Domains
  4. Ensure ReCaptchav3 has custom domain added, as well as base Firebase app domain

Potentially Google could also make steps 2+3 into 1 step?

grmatthews avatar Aug 24 '22 22:08 grmatthews