maybe I'm missing something, but currently it seems that the transform Cloud Function endpoint is called by Algolia without any authentication: See transform.js.
I tried giving ext-firestore-algolia-search@{project}.iam.gserviceaccount.com Cloud Functions Invoker permissions, but that did not help.
The result was a 403 with reason: Unexpected token < in JSON at position 0 at ... as in https://github.com/algolia/firestore-algolia-search/issues/132, due to Firebase returning HTML for the error message ERROR 403 (FORBIDDEN): Your client does not have permission to get URL /transform-function-name.
Only giving Cloud Functions Invoker role to the allUsers principal on my transform cloud function worked eventually, but that's pretty insecure since the endpoint is now public.
Hi there,
maybe I'm missing something, but currently it seems that the transform Cloud Function endpoint is called by Algolia without any authentication: See transform.js.
I tried giving ext-firestore-algolia-search@{project}.iam.gserviceaccount.com
Cloud Functions Invoker
permissions, but that did not help.The result was a 403 with
reason: Unexpected token < in JSON at position 0 at ...
as in https://github.com/algolia/firestore-algolia-search/issues/132, due to Firebase returning HTML for the error messageERROR 403 (FORBIDDEN): Your client does not have permission to get URL /transform-function-name
.Only giving
Cloud Functions Invoker
role to theallUsers
principal on my transform cloud function worked eventually, but that's pretty insecure since the endpoint is now public.Any pointers?