I believe this particular solution exposes the function to unauthorized invocation. While we can implement authentication checks inside the function itself, an external bombardment of endless invocations could still result in significant billing charges before those checks fail.
We want to check for auth during the preflight request and this is what the oncall functions are developed for right? Automatic CORS and auth handling, how to get that to work... I am facing the unauthorized error as soon i tun auth required on, although there is an authorization header present when calling the function from the client.
Server side error:
textPayload: "The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating Additional troubleshooting documentation can be found at: https://cloud.google.com/run/docs/troubleshooting#unauthorized-client"
Client side error:
enter image description here
