Firebase Functions HTTPS 403 Forbidden


I built a Firebase HTTP Event function with Node and Express. The function is working, but when I invoke the function on the client side I get 403 Forbidden. The first time I invoked the function I was asked to sign in with a Google account. I signed in with the same account I use for Firebase, but when I invoked the function I got:

Screenshot of 403 error

I looked at the use roles on Google cloud platform and the permission to invoke the function is set to allUsers. I signed out and back in again in the Firebase CLI.

Here is the index.js in the functions folder:

const functions = require('firebase-functions');
const express = require('express');
const app = express();
const bodyParser = require('body-parser');
const port = process.env.port || 5600
const nodemailer = require('nodemailer');


app.use(bodyParser.urlencoded({ extended: true }));

const urlencodedParser = bodyParser.urlencoded({extended: true});"/api/user", urlencodedParser, (req, res) => {
  res.sendFile('../Public/bedankt.html', {root: __dirname})
  const persGegevens = req.body

  const string = JSON.stringify(persGegevens, (key, value) => {
    if (typeof value === "string"){
      return value.toUpperCase();
    } else {
      return value
  }, 1);

  var transporter = nodemailer.createTransport({
    service: 'gmail',
    auth: {
      user: '[email protected]',
      pass: 'Gietvloermakers2020!'

  var mailOptions = {
    from: '[email protected]',
    to: '[email protected]',
    subject: 'Nieuwe bestelling op Gietvloermakers',
    html: string

  transporter.sendMail(mailOptions, function(error, info){
    if (error) {
    } else {
      console.log('Email sent: ' + info.response);

exports.app1 = functions.https.onRequest(app);



Here is the html:

<form id="controlleer-form" action="/api/user" method="post" enctype="application/x-www-form-urlencoded">
    <div class="controleer-div">
        <h2>Uw bestelling</h2>
        <p>Aantal m2</p>
        <input class="controle-input" type="text" name="aantalM2" id="aantalM2" readonly>
        <input class="controle-input" type="text" name="kleur" id="kleur" readonly>
        <input class="controle-input" type="text" name="assistentie" id="assistentie" readonly>
        <input class="controle-input" type="text" name="gereedschappen" id="gereedschappen" readonly>
        <p>Totale prijs</p>
        <input  class="controle-input" type="text" name="totale-prijs" id="totale-prijs" readonly>
        <a href="bestellen.html"><p id="andere-kleur">Bestelling aanpassen</p></a>
    <div class="controleer-div">
        <h2>Uw gegevens</h2>
        <input type="text" name="voornaam" placeholder="Voornaam">
        <input type="text" name="Achternaam" placeholder="Achternaam">
        <p>Straatnaam en huisnummer</p>
        <input type="text" name="Achternaam" placeholder="Straatnaam en huisnummer">
        <input type="text" name="Achternaam" placeholder="Postcode">
        <input type="tel" name="telefoonnummer" placeholder="Telefoonnummer">
        <input type="email" name="email" placeholder="Emailadres"><br>
        <input id="verzenden" type="submit"> 

Here is the firebase.json:

  "hosting": {
    "public": "Public",
    "ignore": [
    "rewrites": [{
      "source": "**",
      "function": "app1"

I tried but I exhausted all possible solutions I’ve found online so far.


I encountered this recently. It turns out that as of January 15, 2020 new functions require authentication by default.

See the docs here for details.

The solution was to manually add the Cloud Functions Invoker permission to the allUsers user in the Cloud Functions page in the Google Cloud Console.

Answered By – J M Rossy

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published