1

My company has implemented Netskope for security and it is causing issues with my Firebase web app. I have verified Netskope is the cause of problem by having our security admins disable it on my PC. When that was done, the web app performs as expected. With Netskope enabled, users are able to log in but can't retrieve documents (and I'm assuming can't edit or delete either). Instead, there is an error in the console that says

Could not reach Cloud Firestore backend. Backend didn't respond within 10 seconds. This typically indicates that your device does not have a healthy internet connection at the moment.

Some code:

var app = firebase.initializeApp(config);
var db = firebase.firestore(app);

var docRef = db.collection("/annual meeting/Events/" + selectedDay).orderBy("time").get().then(function(querySnapshot) {
            querySnapshot.forEach(function(doc) {
                eventIds.push(doc.id);
                eventDocs.push(doc.data());
            });
            addEventsToList();
        })

My security people are asking for specific URLs so they can investigate. I've sent them https://console.firestore.google.com/project/*project-name*/firestore, but I'm not sure what else to send them. They seem to think it's either a certificate pinning issue or Firebase not liking Netskope's egress IPs. They need specific URLs to redirect, but I'm not sure what to give them.

raginggoat
  • 3,570
  • 10
  • 48
  • 108

1 Answers1

0

According to the Firestore documentation, the client libraries and APIs use the firestore.googleapis.com service to communicate with Firestore.

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

If your security department is requesting URLs to investigate, you can try with the REST endpoints of this API. Inside the documentation, there is an API test app included (API Explorer). This feature lets you make requests to the service with appropriate authentication. For example the following endpoint is used to retrieve documents from Firestore:

https://firestore.googleapis.com/v1/{name=projects/*/databases/*/documents/*/**}

The request parameter name for this endpoint when using the API explorer would be:

projects/projectID/databases/databaseID/documents/documentPath

  • projectID = your project ID
  • databaseID = for Firestore use: “(default)”
  • documentPath = path of the document to retrieve (collection/document/...)

Additionally, I found other questions related to Firebase and Netskope in Stackoverflow and GitHub

ErnestoC
  • 2,660
  • 1
  • 6
  • 19
  • Was this information useful for your issue? in case other users are finding the same issue with NetSkope – ErnestoC Nov 12 '21 at 00:26