Ad

Angular 8 + @angular/fire OnCall Function No CORS Header Present Error

I have firebase hosting in multi-region 'europe-west' and firebase functions in 'europe-west1'. onRequest functions seem to work fine but all my onCall functions throw out the generic CORS error:

 No 'Access-Control-Allow-Origin' header is present on the requested resource.

Nothing useful in the log.

Example of function:

export const ADMIN01AddStaffClaim = functions
    .region('europe-west1')
    .https.onCall((data, context) => {
        if (context.auth) {
            if (context.auth.token.owner !== true) {
                let error = new HttpsError('permission-denied', 'You must be an app owner to add staff claims');
                return { error };
            } else {
                const email = data.email;
                return grantClaim(email, 'staff')
                    .then(() => {
                        return { result: 'Added ' + 'staff' + ' claim to ' + email };
                    })
                    .catch(err => {
                        console.log(err);
                        let error = new HttpsError(
                            'permission-denied',
                            'You must be an app owner to add staff claims'
                        );
                        return { error };
                    });
            }
        } else {
            let error = new HttpsError('permission-denied', 'You must be an app owner to add staff claims');
            return { error };
        }
    });

I've tried using express's cors but from what I've read in the docs it wouldn't work with callable functions.

EDIT: To the guy that removed the angular tag and added javascript, there's only typescript literally everywhere in my code and this is an issue coming from angular, via normal browser requests work.

EDIT2: The error is being thrown out not because of actual CORS issues, but because my function is utter shit.

Ad

Answer

I wasn't returning things properly from within my function and it seems that by default the CORS error was the first point of failure when the browser would make the OPTIONS request. Had it not been for the CORS error, it would've been an actual 500 Internal Server Error when I would call the function.

Ad
source: stackoverflow.com
Ad