firebase-tools
firebase-tools copied to clipboard
firebase
Unable to disable Cors for v2 https function
[REQUIRED] Environment info
firebase-tools: ^11.4.1
Platform: Windows
[REQUIRED] Test case
ATM the emulator sets the following env vars
https://github.com/firebase/firebase-tools/blob/5fc562dc39b1e1c7f171971803e1329226cb059c/src/emulator/functionsEmulator.ts#L1149-L1152
which leads to the fact that an application cannot disable the cors implementation of the functions framework because the functions v2 implementation prioritizes debug features over configuration.
Source: https://github.com/firebase/firebase-functions/blob/master/src/v2/providers/https.ts#L222-L233
In my case it's necessary to allow the application to set cors headers, because credentials need to be allowed. It's not possible to set the allow-credentials header if the cors implementation of the functions framework is enabled.
[REQUIRED] Steps to reproduce
Have a small v2 function and verify Cors headers have been set.
export const api = onRequest({
memory: '256MiB',
cors: false,
region: 'europe-west3'
}, async (...args) => {
if (!apiModule) {
apiModule = (await import('./lib-functions/api/on-https-request.js')).default
}
await apiModule.apply(null, args)
})
[REQUIRED] Expected behavior
Cors headers are not set by firebase v2 function
[REQUIRED] Actual behavior
Cors headers are set by firebase v2 function too which causes actual cors headers to be overwritten.
I was wondering whether this is can/should be fixed in the emulator or the function implementation itself. Of course I do not know whether the enableCors debug feature was left there intentionally and/or is here to stay.
I did not provide an example repo, as I think it's clear why it behaves like that. Hope it's fine.
You can see above I also opened PR https://github.com/firebase/firebase-functions/pull/1189 to adapt the functions implementation.
@stfsy I'm going to close this issue out since we were able to merge your pr. Thanks
