[FCM] updateToken always blocked by CORS

[k-1ee]

Operating System

MacOS Sonoma 14.4.1

Browser Version

Chrome/124.0.6367.92

Firebase SDK Version

10.8.0

Firebase SDK Product:

Messaging

Describe your project's tooling

Next.js app

Describe the problem

When getToken is called with an expired FCM token, the SDK attempts to update the token by making a call to updateToken, which sends a PATCH request to the Firebase backend. However, this update sequence always fails due to the following CORS error:

Access to fetch at 'https://fcmregistrations.googleapis.com/v1/projects/{projectId}/registrations/{token}' from origin '...' has been blocked by CORS policy: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response.

Is the PATCH method missing from the allowed methods list of this endpoint?

Since the token expiry is set to one week, this issue is not easy to reproduce. However, a subsequent call to getToken (refreshing the page in our case) seems to work fine.

Steps and code to reproduce issue

• Initialize Firebase & call getToken
• After the token has expired (set to one week by SDK), call getToken
• See that getToken fails at PATCH request due to CORS

[zwu52]

Checked server stats, fm server has been serving patch to the update_token endpoint without outages. Unsure why the error. If it's non-recurring, feel free to close.

[k-1ee]

@zwu52 - Thanks for checking! But this has been a recurring issue for the past couple weeks.

Just to make sure, does the following endpoint allow PATCH under Access-Control-Allow-Methods?

https://fcmregistrations.googleapis.com/v1/projects/{projectId}/registrations/{token}