Is there an existing issue for this?
Which plugins are affected?
Other
Which platforms are affected?
Android
Description
Google recommends to restrict API keys, and even sent me a warning email for malicious traffic using one of my Android API keys. Afterwards, I locked down the Google API to my Android app (via Flutter) and this works with all Firebase functionalities on both iOS and Android.
I am using AppCheck, Firestore, Crashlytics, Analytics, Remote Config and now Firebase AI Logic (via the firebase_ai package).
I am trying to call a server prompt as below. It throws an immediate error with the message Requests from this Android client application <empty> are blocked, but only for the FirebaseAI function. The hashes match and all other Firebase functions work as intended.
My suspicion is that the firebase_ai package calls the google API without providing the X-Android-Package and X-Android-Cert headers.
Reproducing the issue
Configure firebase_ai on Flutter with the newest versions (SDK & Plugins). Generate an API key on Google API Console and restrict the usage to android apps with specific hashes.
Code as below:
try {
final serverPromptId =
puzzleOpenViewPuzzlesRecord!.aiOptions.server_prompt_id!;
// Read the audio file from the path
final audioFile = File(_model.recordedAudioPath!);
final audioBytes = await audioFile.readAsBytes();
final base64String = base64Encode(audioBytes);
String mimeType =
mimeFromExtension(_model.recordedAudioPath!) ?? 'audio/mpeg';
var aiModel = FirebaseAI.googleAI(
appCheck: FirebaseAppCheck.instance, // this did not change anything on this error
auth: FirebaseAuth.instance, // this did not change anything on this error
).templateGenerativeModel();
var response = await aiModel.generateContent(
serverPromptId,
inputs: {
"attachment": base64String,
"mimeType": mimeType,
},
);
// Nothing here is called, because generateContent throws the error
} catch (e) {
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(
content: Text('Error: $e'),
backgroundColor: FlutterFlowTheme.of(context).error,
),
);
} finally {
if (mounted) {
setState(() {
_model.aiLoading = false;
});
}
}Firebase Core version
4.2.1
Flutter Version
3.38.3
Relevant Log Output
Requests from this Android client application <empty> are blocked
Flutter dependencies
Expand Flutter dependencies snippet
Dart SDK 3.10.1
Flutter SDK 3.38.3
gourmet_detectives 2.7.0+52
dependencies:
- after_layout 1.2.0 [flutter]
- auto_size_text 3.0.0 [flutter]
- badges 3.1.2 [flutter]
- cached_network_image 3.4.1 [cached_network_image_platform_interface cached_network_image_web flutter flutter_cache_manager octo_image]
- chewie 1.13.0 [cupertino_icons flutter provider video_player wakelock_plus]
- cloud_firestore 6.1.0 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta]
- confetti 0.7.0 [flutter vector_math]
- csv 6.0.0
- easy_debounce 2.0.3
- equatable 2.0.7 [collection meta]
- firebase_ai 3.6.0 [firebase_app_check firebase_auth firebase_core firebase_core_platform_interface flutter http meta web_socket_channel]
- firebase_analytics 12.0.4 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter]
- firebase_app_check 0.4.1+2 [firebase_app_check_platform_interface firebase_app_check_web firebase_core firebase_core_platform_interface flutter]
- firebase_auth 6.1.2 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta]
- firebase_core 4.2.1 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_crashlytics 5.0.5 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace]
- firebase_remote_config 6.1.2 [firebase_core firebase_core_platform_interface firebase_remote_config_platform_interface firebase_remote_config_web flutter]
- flip_card 0.7.0 [flutter]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_animate 4.5.2 [flutter flutter_shaders]
- flutter_localizations 0.0.0 [flutter intl path]
- flutter_secure_storage 9.2.4 [flutter flutter_secure_storage_linux flutter_secure_storage_macos flutter_secure_storage_platform_interface flutter_secure_storage_web flutter_secure_storage_windows meta]
- flutter_slidable 3.1.2 [flutter]
- font_awesome_flutter 10.12.0 [flutter]
- from_css_color 2.0.0 [flutter]
- geolocator 14.0.2 [flutter geolocator_platform_interface geolocator_android geolocator_apple geolocator_web geolocator_windows geolocator_linux]
- go_router 14.8.1 [collection flutter flutter_web_plugins logging meta]
- google_fonts 6.3.2 [crypto flutter http path_provider]
- google_maps_flutter 2.14.0 [flutter google_maps_flutter_android google_maps_flutter_ios google_maps_flutter_platform_interface google_maps_flutter_web]
- in_app_review 2.0.11 [flutter in_app_review_platform_interface]
- intl 0.20.2 [clock meta path]
- json_path 0.7.6 [iregexp maybe_just_nothing petitparser rfc_6901]
- lottie 3.3.2 [archive flutter http path vector_math]
- marquee 2.3.0 [fading_edge_scrollview flutter]
- mime_type 1.0.1
- page_transition 2.2.1 [flutter]
- permission_handler 12.0.1 [flutter meta permission_handler_android permission_handler_apple permission_handler_html permission_handler_windows permission_handler_platform_interface]
- photo_view 0.15.0 [flutter]
- provider 6.1.5+1 [collection flutter nested]
- salomon_bottom_bar 3.3.2 [flutter]
- share_plus 10.1.4 [cross_file meta mime flutter flutter_web_plugins share_plus_platform_interface file url_launcher_web url_launcher_windows url_launcher_linux url_launcher_platform_interface ffi web win32]
- shared_preferences 2.5.3 [flutter shared_preferences_android shared_preferences_foundation shared_preferences_linux shared_preferences_platform_interface shared_preferences_web shared_preferences_windows]
- synchronized 3.4.0
- timeago 3.7.1 [intl]
- tutorial_coach_mark 1.3.3 [flutter]
- url_launcher 6.3.2 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]
- video_player 2.10.1 [flutter html video_player_android video_player_avfoundation video_player_platform_interface video_player_web]
- voice_note_kit 1.3.3 [flutter http just_audio just_waveform path_provider permission_handler record]
- webview_flutter 4.13.0 [flutter webview_flutter_android webview_flutter_platform_interface webview_flutter_wkwebview]
dev dependencies:
- dependency_validator 4.1.3 [analyzer args build_config checked_yaml glob io json_annotation logging package_config path pub_semver pubspec_parse yaml]
- flutter_launcher_icons 0.13.1 [args checked_yaml cli_util image json_annotation path yaml]
- flutter_test 0.0.0 [flutter test_api matcher path fake_async clock stack_trace vector_math leak_tracker_flutter_testing collection meta stream_channel]
- integration_test 0.0.0 [flutter flutter_driver flutter_test path vm_service]
- patrol 3.20.0 [boolean_selector equatable flutter flutter_test http json_annotation meta patrol_finders patrol_log shelf test_api]
dependency overrides:
- fading_edge_scrollview 4.1.1 [flutter]
Additional context and comments
Requests from this Android client application are blocked
Is there an existing issue for this?
Which plugins are affected?
Other
Which platforms are affected?
Android
Description
Google recommends to restrict API keys, and even sent me a warning email for malicious traffic using one of my Android API keys. Afterwards, I locked down the Google API to my Android app (via Flutter) and this works with all Firebase functionalities on both iOS and Android.
I am using AppCheck, Firestore, Crashlytics, Analytics, Remote Config and now Firebase AI Logic (via the firebase_ai package).
I am trying to call a server prompt as below. It throws an immediate error with the message
Requests from this Android client application <empty> are blocked, but only for the FirebaseAI function. The hashes match and all other Firebase functions work as intended.My suspicion is that the firebase_ai package calls the google API without providing the
X-Android-PackageandX-Android-Certheaders.Reproducing the issue
Configure firebase_ai on Flutter with the newest versions (SDK & Plugins). Generate an API key on Google API Console and restrict the usage to android apps with specific hashes.
Code as below:
Firebase Core version
4.2.1
Flutter Version
3.38.3
Relevant Log Output
Flutter dependencies
Expand
Flutter dependenciessnippetAdditional context and comments
Requests from this Android client application are blocked