Comments (2)
marekhrabe
commented on June 26, 2024
1
This article has helped me a ton to add firebase auth to my app, thanks! I'm already using Workers for many things, so it made sense to go this route.
Google and Github auth worked perfectly right away using this proxy, but it took me a few weeks to figure out why Apple wasn't working with this approach. Apple/Firebase do not make the best job of explaining different domain verification requirements, key ids, cryptic errors, and especially Apple has the most confusing dashboards where you have to configure thisβ¦
Turns out the error lied in this little proxy. When you request an email and user name from Apple during the auth (which is done by default in Firebase), the OAuth flow slightly changes β from passing the code in the URL query params into using a POST request and passing data in the request body. This is why Firebase docs mention that you must use Firebase Hosting to use Sign in with Apple, but they do not go into why. They need their server to read POST bodies.
This proxy is written in a way that keeps the URL, headers, method, but NOT the body. The body is thrown out and with it all required data to make the flow work correctly.
The fix is quite simple. You can go from:
const newRequest = new Request(transformedUrl.toString(), {
method: request.method,
headers: request.headers,
});
Into:
const newRequest = new Request(transformedUrl.toString(), request);
Which makes the new request inherit all original properties, not just the method and headers. It will include the body too and that's when my integration started to work for Apple auth too.
from blog-comments.
eleventhaus
commented on June 26, 2024
I'm getting a CORS error:
Access to XMLHttpRequest at 'https://my-app.com/__/firebase/init.json' (redirected from 'https://my-app.com/__/firebase/init.json') from origin 'https://my-app.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I tried this:
const newRequest = new Request(transformedUrl.toString(), request);
const response = await fetch(newRequest)
const responseHeaders = new Headers(response.headers)
responseHeaders.set('Access-Control-Allow-Origin', '*')
return new Response(response.body, {
headers: responseHeaders,
status: response.status,
statusText: response.statusText
})
But still not working for redirect, siginWithPopUp works tho.
Any ideas?
from blog-comments.
Related Issues (5)
- blog/2022/03/31/tailwind-scss-resolve-url-loader-error-processing-css-invalid-mapping/ HOT 2
- blog/2022/12/16/generating-meaningful-issues-in-sentry-with-react-query-+-axios/ HOT 2
- blog/2024/01/31/create-astro-front-matter-with-templater-in-obsidian/ HOT 2
- blog/2022/12/14/mocking-intersectionobserver-in-jest/ HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blog-comments.