Skip to content

[Firebase AI] Add x-ios-bundle-identifier header to requests #15515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 21, 2025
Merged

[Firebase AI] Add x-ios-bundle-identifier header to requests #15515

merged 7 commits into from
Nov 21, 2025

Conversation

@google-labs-jules
Copy link
Contributor

@google-labs-jules google-labs-jules bot commented Nov 19, 2025
edited by paulb777
Loading

Added the x-ios-bundle-identifier header to GenerativeAIService and LiveSessionService requests to support iOS application API key restrictions. This requires callers to set the x-ios-bundle-identifier header to match one of the iOS Bundle IDs specified for the API key. This addresses #15475.

Important: We still strongly recommend the use of Firebase AppCheck instead of, or in addition to, API key restrictions.

@google-labs-jules
Add x-ios-bundle-identifier header to GenerativeAIService requests
b0660f9 
This change adds the `x-ios-bundle-identifier` header to requests made by `GenerativeAIService`. The value is set to `Bundle.main.bundleIdentifier` if available. This header is sent unconditionally.

A test assertion has been added to `GenerativeModelTestUtil.swift` to verify the presence and correctness of this header in unit tests.
@andrewheard andrewheard changed the title Add x-ios-bundle-identifier header to GenerativeAIService [Firebase AI] Add x-ios-bundle-identifier header to requests Nov 21, 2025
@firebase firebase deleted a comment from google-labs-jules bot Nov 21, 2025
paulb777
paulb777 approved these changes Nov 21, 2025
View reviewed changes
gemini-code-assist[bot]
gemini-code-assist bot reviewed Nov 21, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly adds the x-ios-bundle-identifier header to support API key restrictions for iOS applications. The changes are applied to GenerativeAIService and LiveSessionService, and the unit tests have been updated accordingly. I've identified a small code duplication in GenerativeAIService.swift and a minor inconsistency in LiveSessionService.swift. Addressing these points will improve the code's clarity and maintainability.

@andrewheard
Copy link
Contributor

andrewheard commented Nov 21, 2025

Verified locally that requests missing the header produce API_KEY_IOS_APP_BLOCKED without the header and this fixes the error.

Full Response 
{
  "error": {
    "code": 403,
    "message": "Requests from this iOS client application com.google.firebase.FirebaseAITestApp are blocked.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "API_KEY_IOS_APP_BLOCKED",
        "domain": "googleapis.com",
        "metadata": {
          "iosBundleId": "com.google.firebase.FirebaseAITestApp",
          "consumer": "projects/{project_number}",
          "service": "firebasevertexai.googleapis.com"
        }
      },
      {
        "@type": "type.googleapis.com/google.rpc.LocalizedMessage",
        "locale": "en-US",
        "message": "Requests from this iOS client application com.google.firebase.FirebaseAITestApp are blocked."
      }
    ]
  }
}

@google-labs-jules
Copy link
Contributor Author

google-labs-jules bot commented Nov 21, 2025

Verified locally that requests missing the header produce API_KEY_IOS_APP_BLOCKED without the header and this fixes the error.

Full Response 
{
  "error": {
    "code": 403,
    "message": "Requests from this iOS client application com.google.firebase.FirebaseAITestApp are blocked.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "API_KEY_IOS_APP_BLOCKED",
        "domain": "googleapis.com",
        "metadata": {
          "iosBundleId": "com.google.firebase.FirebaseAITestApp",
          "consumer": "projects/{project_number}",
          "service": "firebasevertexai.googleapis.com"
        }
      },
      {
        "@type": "type.googleapis.com/google.rpc.LocalizedMessage",
        "locale": "en-US",
        "message": "Requests from this iOS client application com.google.firebase.FirebaseAITestApp are blocked."
      }
    ]
  }
}

Thanks for verifying!

@andrewheard andrewheard added this to the 12.7.0 - M174 milestone Nov 21, 2025
@andrewheard andrewheard marked this pull request as ready for review November 21, 2025 22:16
@andrewheard andrewheard merged commit cc8f4aa into main Nov 21, 2025
65 checks passed
@andrewheard andrewheard deleted the feature-add-bundle-id-header branch November 21, 2025 22:39
@paulb777 paulb777 mentioned this pull request Nov 21, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paulb777 paulb777 paulb777 approved these changes

@andrewheard andrewheard andrewheard left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api: firebaseai

Projects

None yet

Milestone

12.7.0 - M174

Development

Successfully merging this pull request may close these issues.

3 participants

@andrewheard @paulb777 @google-oss-bot