Ad

How To Ensure HTTP Trigger Will Be Called Only Via HTTPS?

I'm building an API on Cloud Functions with NodeJS and Express (Firebase) and I'd like to accept only calls via HTTPs so calls made over plain HTTP will fail. Is it possible to do it?

Ad

Answer

You should examine the request object being passed to your function. It's going to be an Express type Request object. Request has a property called protocol that should be "https". So:

functions.https.onRequest((req, res) => {
    if (req.protocol !== "https") {
        // reject the request
        res.sendStatus(403)
    }
})
Ad
source: stackoverflow.com
Ad