Why my Flutter app cannot access Google Cloud Run deployed Django service?
I am developing a flutter app and Django backend. I have a Dockerized backend and a dual setup: Locally, I use docker-compose with google cloud proxy. For deployment i use DockerFile and github actions. The service can be accessed by browser and flutter app, when deployed locally. However when the service is on Cloud Run, it can be accessed by browser, but not with the Flutter app. The service is set to allow unauthneticated access in Cloud Run settings. Django settings are setting allow communication without csrf:
CSRF_TRUSTED_ORIGINS = ["https://xxxxxx"]
CORS_ALLOW_ALL_ORIGINS = True
the view that returns unauthorized is a google login, that receives a login request with Firebase idToken:
@api_view(["POST"])
@authentication_classes([])
@permission_classes([AllowAny])
@csrf_exempt
def google_login(request) -> Response:
My django backend leaves those logs in Cloud Run
:textPayload: "Unauthorized: /api/v1/google-login/"
I have implemented JWT authentication, that still needs some testing to do but it works when I start the server on my machine.So something is wrong with the request, but I dont understand what it is.The browser can access the deployed cloud run service as I mentioned before.When scanning through Network logs I see that it sends request with csrftoken and dont see any more things that I may need to add to Flutter
request.accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
accept-encoding:
gzip, deflate, br, zstd
accept-language:
en-GB,en-US;q=0.9,en;q=0.8
cookie:
csrftoken=xxxxxx
priority:
u=0, i
referer:
https://xxxxxxx
sec-ch-ua:
"Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99"
sec-ch-ua-arch:
"arm"
sec-ch-ua-bitness:
"64"
sec-ch-ua-full-version-list:
"Chromium";v="130.0.6723.117", "Google Chrome";v="130.0.6723.117", "Not?A_Brand";v="99.0.0.0"
sec-ch-ua-mobile:
?0
sec-ch-ua-model:
""
sec-ch-ua-platform:
"macOS"
sec-ch-ua-platform-version:
"15.1.0"
Flutter code:
Login page
BlocListener<FirebaseAuthCubit, FirebaseAuthState>(
listener: (context, firebaseAuthState) async {
if (firebaseAuthState is FirebaseAuthSuccess) {
context
.read<UserSessionCubit>()
.googleLogin(firebaseAuthState.idToken, _deviceLocale!);
}
},
Cubit method:
Future<void> googleLogin(String googleIdToken, String languageCode) async {
emit(UserSessionInLoading());
try {
final UserSessionModel loginResponse = await _loginApiClient.googleLogin(googleIdToken, languageCode);
emit(UserSessionSuccess(loginResponse.accessToken, loginResponse.refreshToken, loginResponse.userId, loginResponse.languageCode));
} catch (e) {
emit(UserSessionFailure(e.toString()));
}
}
Client method:
Future<UserSessionModel> googleLogin(String googleIdToken, String languageCode) async {
final Uri loginRequest = debug ? Uri.http(baseUrl, '/api/v1/google-login/') : Uri.https(baseUrl, '/api/v1/google-login/');
final response = await _dioClient.post(
loginRequest.toString(),
data: jsonEncode({'googleIdToken': googleIdToken, 'languageCode': languageCode}),
options: Options(headers: {'Content-Type': 'application/json'}),
// headers: {'Content-Type': 'application/json'},
);
if (response.statusCode == 200) {
log(response.data.toString());
final jsonResponse = response.data;
return UserSessionModel.fromJson(jsonResponse);
} else {
log(response.data.toString());
throw LoginRequestFailure();
}
}
void log(String message) {
if (debug) {
print(message);
}
}