Firebase身份验证-自定义的重定向域会提示NET :: ERR_CERT_COMMON_NAME_INVALID警告 [英] Firebase Auth - customized redirect domain prompts NET::ERR_CERT_COMMON_NAME_INVALID warning
问题描述
我正在为我的Web应用程序使用Firebase身份验证,并为Firebase身份验证的Google登录功能自定义重定向域,以便Google的身份验证页面将
I'm using Firebase Authentication for my web app, and customizing the redirect domain for Firebase Authentication's Google Sign-In feature so that Google's authentication page will
显示继续:https://auth.mydomain.com ,
show Continue to: https://auth.mydomain.com,
代替继续:https://my-app-12345.firebaseapp.com .
instead of Continue to: https://my-app-12345.firebaseapp.com.
因此,我按照 Firebase的文档上的说明执行了四个步骤:
So I did four steps according to instructions on Firebase's documentation:
(1)为auth.mydomain.com创建一个指向my-app-12345.firebaseapp.com
(1) Create a CNAME record for auth.mydomain.com that points to my-app-12345.firebaseapp.com
(2)将auth.mydomain.com添加到Firebase控制台的授权域列表中
(2) Add auth.mydomain.com to the list of authorized domains in the Firebase console
(3)在Google OAuth设置页面中,将重定向页面的URL列入白名单https://auth.mydomain.com/__/auth/handler
(3) In the Google OAuth setup page, whitelist the URL of the redirect page which is https://auth.mydomain.com/__/auth/handler
(4)编辑我的应用程序的JavaScript代码以初始化Firebase库:
(4) Edit my app's JavaScript code which initializes Firebase library:
var config = {
...
// from 'authDomain: my-app-12345.firebaseapp.com,'
authDomain: 'auth.mydomain.com',
...
};
但是,此后,当我的应用程序调用firebase.auth().signInWithRedirect(provider)方法时,Web浏览器将显示隐私警告,如下所示:
After that, however, when my app invokes firebase.auth().signInWithRedirect(provider) method, web browser will show privacy warning like the following:
您的连接不是私有的
攻击者可能试图从 auth.mydomain.com 窃取您的信息(例如密码,消息或信用卡). 了解详情
Your connection is not private
Attackers might be trying to steal your information from auth.mydomain.com (for example, passwords, messages, or credit cards). Learn more
NET :: ERR_CERT_COMMON_NAME_INVALID
NET::ERR_CERT_COMMON_NAME_INVALID
...
此服务器无法证明它是 auth.mydomain.com ;其安全证书来自 firebaseapp.com .这可能是由于配置错误或攻击者拦截了您的连接导致的.
This server could not prove that it is auth.mydomain.com; its security certificate is from firebaseapp.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
继续访问auth.mydomain.com(不安全)
证书信息如下:
firebaseapp.com
发布者:Google Internet Authority G3
Issued by: Google Internet Authority G3
有效期:2018年11月13日,星期二
Expires: Tuesday, 13 November 2018
此证书有效.
详细信息
主题名称
国家/地区:美国
州/省:加利福尼亚
位置:山景城
组织:Google Inc
Organization: Google Inc
公用名:firebaseapp.com
Common Name: firebaseapp.com
下面是URI:
https://auth.mydomain.com/__/auth/handler?apiKey=apiKey&appName=%5BDEFAULT%5D&authType=signInViaRedirect&providerId=google.com&scopes=profile&redirectUrl=https%3A%2F%2Fwww.mydomain.com%2Flogin&v=5.0.4
为什么要为Google登录提示NET::ERR_CERT_COMMON_NAME_INVALID警告定制重定向域,以及如何避免出现警告消息,例如使用auth.mydomain.com自己的证书将主题备用名称添加到证书中?
Why does customizing the redirect domain for Google Sign-In prompt NET::ERR_CERT_COMMON_NAME_INVALID warning, and how should I do to avoid the warning message from prompting, e.g. adding Subject Alternative Names into the certificate, using auth.mydomain.com's own certificate?
顺便说一句,在上面的警告页面中,如果单击继续执行auth.mydomain.com(不安全),则身份验证将按预期进行.
By the way, in the above warning page, if Proceed to auth.mydomain.com (unsafe) is clicked, authentication will work as expected.
推荐答案
由于auth.mydomain.com通过CNAME记录指向my-app-12345.firebaseapp.com,因此firebaseapp.com的主机应为auth.mydomain.com提供SSL证书.即使my-app-12345未使用Firebase Hosting,也必须在Firebase Hosting页面中完成此操作.这是基于Firebase的文档的分步方法:
Because auth.mydomain.com points to my-app-12345.firebaseapp.com via CNAME record, host of firebaseapp.com should provision SSL certificate for auth.mydomain.com. It has to be done in Firebase Hosting page even if my-app-12345 is not using Firebase Hosting. Here is step-by-step method for doing that based on Firebase's documentation:
- 在Firebase项目
my-app-12345的控制台中,单击侧面菜单上的托管". - 出现设置托管"弹出窗口时,单击继续".然后单击完成.
- 在托管"页面中,单击连接域".
- 出现连接域"弹出窗口时,输入
auth.mydomain.com.然后单击将auth.mydomain.com重定向到现有网站"复选框.然后输入my-app-12345.firebaseapp.com.然后单击继续. - 出现将下面的TXT记录添加到您的DNS提供商以确认您拥有
mydomain.com"弹出窗口时,请按照说明进行操作.然后单击验证. (验证可能需要几分钟).然后单击完成.
- In Firebase project
my-app-12345's console, click Hosting on the side menu. - When Set up hosting pop-up appears, click Continue. Then click Finish.
- In Hosting page, click Connect domain.
- When Connect domain pop-up appears, enter
auth.mydomain.com. Then click 'Redirectauth.mydomain.comto an existing website' checkbox. Then entermy-app-12345.firebaseapp.com. Then click Continue. - When 'Add the TXT records below to your DNS provider to verify you own
mydomain.com' pop-up appears, follow the instruction. And click Verify. (Verifying may take some minutes). Then click Finish.
现在auth.mydomain.com将出现在具有Pending状态的域部分中.它将很快更改为Connected.一段时间后,NET::ERR_CERT_COMMON_NAME_INVALID警告问题将消失.
Now auth.mydomain.com will be appeared in domain section with Pending status. It will soon be changed to Connected. And after some time, the NET::ERR_CERT_COMMON_NAME_INVALID warning issue will be gone.
P.S.在Firebase技术支持团队的帮助下,我找到了自己的问题的答案.
P.S. With help of Firebase technical support team, I have got the answer to my own question.
这篇关于Firebase身份验证-自定义的重定向域会提示NET :: ERR_CERT_COMMON_NAME_INVALID警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
