'How to restrict a Google Cloud function to be invoked only from the Google Cloud Console?

I have a Firebase function to do some data processing, and I only want to invoke it through Google Cloud Console manually.

Just a simple function like this (using node.js):

import * as functions from 'firebase-functions'

// // Start writing Firebase Functions
// // https://firebase.google.com/docs/functions/typescript
//
export const test = functions.https.onRequest(async (req, res) => {
  res.send({
    query: req.query,
    body: req.body,
  })
})

The way I did it is to deploy the function via the firebase-cli then remove the Cloud Function Invoker role in the permission tab from GUI.

It seems to work.

But I noticed one thing, when I send the request with Postman

when you send a GET, the error is 400,

But for any request that's not a GET, you get a proper 403

My questions are:

why GET is 400 while the others are 403?
am i doing it right in terms of my requirement?
what's the correct way of doing it?
does the function get invoked while sending a request like POST?

firebase google-cloud-functions

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source

'How to restrict a Google Cloud function to be invoked only from the Google Cloud Console?

Sources

Related Questions