48 results found

1. Trusted headers for client IP address via Firebase Hosting

   Context: from a backend running on Cloud Run/Cloud Functions, how to determine client IP address, when you need to TRUST it for IP-address based access restrictions.

   You can normally find the real client IP as the first entry in the X-Forwarded-For header, but you cannot trust it.

   If you are using Cloud Run (or Cloud Functions gen 2), then as far as I can tell the Cloud Run orchestrator always sits as a proxy in front of your container. This means you can trust the last entry in X-Forwarded-For as this is the client IP seen by Cloud Run itself. The last address is the only address you can trust. Any preceeding addresses in the list could have been provided/spoofed by the requester themselves or any untrusted proxy along the way.

   If you are proxying the the Cloud Run container (or Cloud Function) behind Firebase hosting, then the last address in the list is the Fastly CDN proxy, not the original client address. You might be tempted to use the second-to-last address (or the Fastly-Client-IP header), but you cannot trust this.

   If the requester learns the direct address of your Cloud Run container (e.g. <your-service>.a.run.app) then they can make the request directly, and spoof either of those headers, telling you whatever address they want to.

   In short, there needs to be some coordination between Cloud Run and Firebase Hosting for Cloud Run to provide some "trusted header". When a request reaches Cloud Run via Firebase Hosting the two need to authenticate themselves so that Cloud Run can provide the real client IP as seen by Firebase Hosting, only if the request actually came from legitimate Firebase Hosting.

   Without this, Firebase Hosting cannot be used as a proxy when IP-address based authentication is required.

   Context: from a backend running on Cloud Run/Cloud Functions, how to determine client IP address, when you need to TRUST it for IP-address based access restrictions.

   You can normally find the real client IP as the first entry in the X-Forwarded-For header, but you cannot trust it.

   If you are using Cloud Run (or Cloud Functions gen 2), then as far as I can tell the Cloud Run orchestrator always sits as a proxy in front of your container. This means you can trust the last entry in X-Forwarded-For as this is the client IP seen by Cloud Run itself.… more

   3 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   1 comment  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

2. Use a firebaseapp.com hostname as the Common Name for all certificates
   4 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

3. Remix support

   Have out of the box support for Remix framework implementing SSR which also work with the Emulators.

   3 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

4. The Firebase target apply command has also to update the firebase.json with the target name!

   The Firebase target apply command has also to update the firebase.json with the target name!

   3 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

5. Some Hosting Feedback
   3 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

6. AAAA/IPv6 DNS records
   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

7. Enable deployments that don't delete previous artifacts

   Have an option to deploy and keep previous deployment artifacts instead of deleting them.

   Even better would be an option for this with a TTL on previous deployment artifacts (that haven't been updated or re-deployed in subsequent deployments).

   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating

8. Add ability to set release version.

   Right now we can not control version. After deploy version at api looks like this:
   "sites/<site_name>/versions/2e65a07a8886cdb4"

   I want to be able to provide my own string (git hashtag, semver, etc). It requires to match source code and deployed version. The version should be shown at UI and we should be able to rollback based on this version. During deploy with the same version CLI should throw error.

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Hosting  ·  Edit…  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Submit Rating