I'm setting up Firebase's new Preview Channels (very excited for). I have set up their standard Deploy to Preview Channel workflow, and it does deploy and post the comment! However, when I click the link and try to log into my site, I get the following error:
{"error":{"code":403,"message":"Requests from referer https://myProject--pr673-mybranch-2fgs8acb.web.app/ are blocked.","errors":[{"message":"Requests from referer https://myProject--pr673-mybranch-2fgs8acb.web.app/ are blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}}
The workflow is:
name: Deploy to Preview Channel
on:
pull_request:
jobs:
build_and_preview:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install dependencies
run: npm ci
- name: Generate Build
run: npm run build-dev
- uses: FirebaseExtended/action-hosting-deploy@v0
with:
repoToken: "${{ secrets.GITHUB_TOKEN }}"
firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT }}"
expires: 30d
projectId: myProject
env:
FIREBASE_CLI_PREVIEWS: hostingchannels
This type of behavior is typically expected because:
I am limiting access to my project to only my trusted domain
But, this is causing the issue with Preview Channels because my site is restricted to my domain (and the Preview Channels aren't my domain).
I have thought of a couple of ways to solve this but am not sure if either is actually possible:
- To still restrict my project to my domain AND programmatically grant access to any of my preview channels as the workflow runs.
- βORβ Set up the Preview Channel workflow to somehow deploy to a sub-domain of mine and grant access to all wildcard sub-domains (Although based on the screenshot above, it doesn't seem possible to grant access to wildcards or paths)
Is there a way I can use Preview Channels while still projecting my project?
(either via #1, #2, or any other approach to resolve this issue without removing the restriction to my domain)
