5

Is there a way to enable CORS for REST endpoints, as stated here and here? It looks like Firebase no longer adds them by default. It would be helpful for apps that don't need realtime connectivity or cant use websockets.

Here's a REST request to Firebase. If you check the response, there are no cors headers: https://samplechat.firebaseio-demo.com/users/jack/name.json

Community
  • 1
  • 1
Andy Miller
  • 849
  • 1
  • 9
  • 21

1 Answers1

14

Found the issue.

All the REST endpoints need to end in '.json', including put and post requests. That triggers Firebase to set the cross-origin headers to the origin on the request. By not adding the '.json' to the end of my POST request, the origin headers were not added so it looked like a CORS issue.

The example doesn't have a CORS header, so it looks like Firebase must add them only when needed.

Andy Miller
  • 849
  • 1
  • 9
  • 21
  • 1
    Note that without `.json`, Firebase tries to load the developer console available at `.firebaseio.com`. – Rob DiMarco Dec 17 '15 at 18:29
  • 1
    Out of curiosity, why are you using REST instead of the JS SDK? – David East Dec 17 '15 at 18:38
  • 1
    My app is primarily built for offline use, with only periodic syncs to the backend. I'd rather handle the offline state myself than set up websockets that constantly try to reconnect. I keep a parallel db in indexeddb where I keep track of offline modifications and then merge with online updates when the user goes back online. – Andy Miller Dec 17 '15 at 22:02