I’m trying to sign in anonymously from a Web app using the JS SDK and it works great on some environments, but on one environment, the exact same code that’s working elsewhere is giving me a 403:
(index):64 {“error”:{“code”:403,“message”:“Requests from referer https://myapp.firebaseapp.com/ are blocked.“,”errors”:[{“message”:“Requests from referer https://myapp.firebaseapp.com/ are blocked.“,”domain”:“global”,“reason”:“forbidden”}],“status”:“PERMISSION_DENIED”}}
Yet I think I checked everything is the same in all environments: anonymous authentication is enabled and my web app is on Firebase Hosting so the code should be environment-independent.
Any idea where else this could come from?
It seems like you have set some referrer restrictions on your API key. You need to go to the Google Cloud Console and modify these restrictions on your API key.