Firebase Storage Code -13000 Permission Error - swift

I have previously been able to use firebase to store user images, but when once I created a new xcode project I've been getting this error:
Error Domain=FIRStorageErrorDomain Code=-13000 "An unknown error occurred, please
check the server response." UserInfo={object=WtLirPvwL9b7eI3zipGZkk1G4Hi2,
ResponseBody={
"error": {
"code": 400,
"message": "Permission denied. Please enable Firebase Storage for your bucket by
visiting the Storage tab in the Firebase Console and ensure that you have
sufficient permission to properly provision resources."
}
I have been getting this error even after setting up storage for my project.
And I don't think it has to do with the usage rules--for one, I allowed unauthorized reads and writes, and in my testing, the user is already authorized before attempting to push images to storage. In fact, the uid generated from firebase's auth is what is being used as the reference. Also noteworthy is the fact that authorization with firebase is working fine--I'm having no errors creating accounts.
Another interesting fact--I also received this error after setting up yet another XCode project (and the corresponding steps in Firebase). So with two different Xcode projects, the same error is happening to me.
EDIT: usage rules and permissions
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
This is the default usage configuration. I previously had changed the content to allow read allow write to see if that would affect anything. But my error is happening with both that config and the default one.
Also, someone linked in the comments to a site recommending to check IAM and Admin permissions. As I suspected, I am the owner and so I see no permission problem there.
Additionally, nothing appears to be wrong with the GoogleService-Info.plist, even though that was what I suspected was wrong. Indeed, it includes the correct string for my storage bucket.
EDIT 2: CONSOLE ERROR
Thanks for #Leopold for pointing out that this error also occurs in the console. At first I thought that the console was working for me (I was able to upload images to it) but I now get the error when trying to view the image I uploaded through the console.
I got to this page by clicking on the image name hyperlink.

For me it looks, that Google Cloud Platform configured in the way, that you do not have permission storage bucket.
Go to https://console.cloud.google.com
Pick your project
Navigate to Cloud Storage
Go to Permissions tab
Add permission. Add permission which suits your needs most.
For my storage I am allowing to access my storage for everyone. And for you to see and play for troubleshooting to do the same.
In the permission tap ADD
Add Storage Object Viewer
Click save

Considering I don't find older questions about this Exact issue, and that the only ones are from yesterday, then I suspect it's a server/google side issue. So I went on firebase storage, uploaded a file through the console, and then I saw this on the right side, under the upload button:
Error Loading Thumbnail/Image (Erro Carregando Visualiação)
image
And then I clicked on the name link (Nome: Fachada.jpg)
and got this:
Permission denied. Please enable Firebase Storage for your bucket by visiting the Storage tab in the Firebase Console and ensure that you have sufficient permission to properly provision resources.
{ "error": {
"code": 400,
"message": "Permission denied. Please enable Firebase Storage for your bucket by visiting the Storage tab in the Firebase Console and
ensure that you have sufficient permission to properly provision
resources." } }
So even the console is yielding this error! It's server sided, you just have to wait, and I have never seen this happen before on Firebase(there is no google search result for this exact error, except for yesterday Saturday, November 20th 2021)

Related

How can I resolve 400 bad request in Google Picker dialog in test application?

I'm running into trouble with test users and the Picker component in my web applicaton.
A subset of my test users are receiving a 400: The server cannot process the request because it is malformed when attempting to access the picker. Some of them experience a looping sign-in beforehand.
The picker is constructed in the following way inside of a useEffect in a React component:
// if there's a non-config related bug, I would imagine it must be related to getting the access token here.
const accessToken = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token;
const view = new picker.DocsView(picker.ViewId.DOCUMENTS);
view.setIncludeFolders(true);
const pickerDisplay = new picker.PickerBuilder()
.enableFeature(picker.Feature.MULTISELECT_ENABLED)
.setAppId(appId)
.addView(view)
.addView(new picker.DocsUploadView())
.setOAuthToken(accessToken)
.setDeveloperKey(apiKey)
.setCallback(pickerCallback)
.build();
setPicker(pickerDisplay); // sets picker state
Because I am not receiving the error message and the application has not been verified, I believe this likely has something to do with the IAM.
I believe I've been able to eliminate managed browsers settings,
cookie settings, and extensions as possible sources of error.
I've also added the users to the GCP project with the Browser role, though
they did not receive invites. What do I need to try next to resolve
this issue?
I cannot provide a minimum reproducible example because this only seems to be confined to a subset of my users' browsers.
I reached out to Google support, but unfortunately this is not covered.
I need to get this application into production relatively soon, so I'm very seriously considering just writing my own Drive microservice and recreating the Picker. I would love to avoid this though.

Why does the Firebase API call for projects.databases.get return an error 404 - Project does not exist, for a project that does exist?

I'm new to all of this so I probably missed something really obvious.
When trying to run a simple test using the following API call :
https://firebase.google.com/docs/firestore/reference/rest/v1/projects.databases/get
the response that I get back is:
{
"error": {
"code": 404,
"message": "Project 'some-projectname' does not exist.",
"status": "NOT_FOUND"
}
}
But the project does exist (though the name actually used isn't what is shown here I removed that for privacy reasons). But none the less the actual project is visible in both the Google Cloud Platform UI and the Firebase UI.
To try and add more color and hopefully supply as much detail as possible.
I use the following format for the parameter:
projects/some-projectname/databases/some-databasename
and for Credentials, leave both boxes checked: "Google OAuth 2.0" and "API key".
The project is under the Blaze plan and was set up with Firestore in Native Mode.
Please let me know if there is any more detail I can supply or something I should try and thanks kindly for your time.
You need to use (default) as the database name as that's the name of the only database that is currently allowed for each project.
I.e. projects/PROJECT_NAME/databases/(default)

Manually Setting a firebaseStorageDownloadTokens on image Upload to Firebase Storage with Flutter

I am trying to put a file to Firebase Storage with the following:
final metadata = firebase_storage.SettableMetadata(
customMetadata: {'firebaseStorageDownloadTokens': customToken});
_uploadTask =
_storage.ref().child(filePath).putFile(widget.file!, metadata);
I get the following error in my console:
E/StorageException( 6906): Caused by: java.io.IOException: { "error": { "code": 400, "message": "Not allowed to set custom metadata for firebaseStorageDownloadTokens" }}
Submitting this as both a bug & feature request on the plugin site, but in the meantime, in the off-chance I'm just writing this wrong, as documentation on this isn't thorough, I thought I'd submit here to see if anybody has done it successfully from the client.
I'll be writing a cloud function later if I can't do it from client, but since this isn't a high security thing I'm doing...I have many reasons to avoid forcing my app to get the downloadUrl....my aim is to create a predictable downloadUrl...readily done in the cloud, I know, just looking to do it from the client here.
After talking to some folks, this is not allowed from the client. It has to be done with a Cloud Function. It's highly discouraged. Here is why:
Anyone can access images if they have the image ID and the downloadToken. The idea is that both are hard to guess...hence an modicum of security. You can set security rules to getDownloadUrl for authenticated users, hence "restricting" the viewability through the obscurity of the image name, downloadToken and location.
By manually setting a downloadToken, you erode that "security."
It is allowed, however, you have to do it with a cloud function, triggering on create of the image, over-writing the auto-generated downloadToken. Send me a DM for help in that if you need it.

Internal Server Error for Deshboard only mode user

I have created dashboard and shared it to other computer which is demo user with the role-> kibana_dashboard_only_user.
now when i open shared with demo user login credentials it shows error like
Internal Server Error
Error: Internal Server Error
SearchError#http://10.42.35.14:5601/bundles/commons.bundle.js:3:298201
_callee2$/<.searching</<#http://10.42.35.14:5601/bundles/commons.bundle.js:4:324908
processQueue#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:199687
scheduleProcessQueue/<#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:200650
$digest#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:210412
$apply#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:213219
done#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:132717
completeRequest#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:136329
requestLoaded#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:135225
Does the user have read permissions on the index? Just dashboard permissions alone are not enough; this is unfortunately not super obvious.
The user (or role) needs to have at least the read permission on the desired index in addition to the dashboard-only role.
Check the documentation here:
https://www.elastic.co/guide/en/kibana/current/xpack-dashboard-only-mode.html#grant-read-access-to-indices
BTW the feature has generally been reworked and is deprecated in the old form

Policy file error while loading new profile pictures from Facebook

As you might know, for loading images from Facebook in our application (in my case AS3) we have to load following policy file:
Security.loadPolicyFile('https://fbcdn-profile-a.akamaihd.net/crossdomain.xml');
otherwise we get following error:
SecurityError: Error #2122: Security sandbox violation: Loader.content: http://test cannot access http://profile.ak.fbcdn.net/v22941/254/15/q652310588_2173.jpg A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
you can find related question here.
I have a Facebook application that is running for long time without problem, but what I am facing today which is bizarre, is that the application gives the same security error message while loading NEW PROFILE PICTURE, and for the profile pictures that have been uploaded about 2-3 weeks ago or earlier, there is no problem.
My question is that did Facebook change its policy? Is it a problem form my side or something is wrong from Facebook? I have googled to see if the Facebook's policy or something else has been changed, but I did not found any clue.
If you go to https://fbcdn-profile-a.akamaihd.net/crossdomain.xml you will see that it returns an error (403 Forbidden: You don't have permission to access /36477/crossdomain/pics-crossdomain.xml on this server) so Flash never gets a valid crossdomain file.
This is an issue that Facebook needs to address.
I know of no way to have Flash ignore crossdomain errors.