Would URL rewrite make Firebase cloud function response come from my custom domain?

Question

Firebase documentation mention that you can serve cloud functions using a custom domain using url rewrites.

You can use rewrites to serve a function from a Firebase Hosting URL. The following example is an excerpt from serving dynamic content using Cloud Functions.'

"hosting": {
  // ...

  // Directs all requests from the page /bigben to execute the bigben function
  "rewrites": [ {
    "source": "/bigben",
    "function": "bigben"
  } ]
}

Cloud function response can return values to set in a cookie the following way:

res.cookie("session", sessionCookie, {
      expires: new Date(new Date().getTime() + expiresIn), // Add 2 weeks (in milliseconds) to the current epoch
      httpOnly: true,
      secure: true,
      sameSite: "none",
      domain: req.get("host")
    });

// Return an HTTP 204 NO CONTENT response
return res.sendStatus(204);

However in most of browsers, 3rd party cookies are not allowed, only 1st party.

I understand I can call the cloud function using my custom domain thanks to the url rewrite, however what about the response, will it be consider 1st party or 3rd party?

Daniel Ocando Daniel Ocando · Accepted Answer · 2021-01-20T07:11:20

From the browser's perspective the cookie will be coming from Firebase Hosting directly, and therefore the cookie will be considered a First Party Cookie. Notice that the rewrite in order to serve the Cloud Function from the Firebase Hosting URL all happens serverside, and therefore the behavior explained.

Would URL rewrite make Firebase cloud function response come from my custom domain?

1 Answers