To troubleshoot this, I do a series of curl -I https://example.com/bundle.js commands, then watch the 301/302 header for Location, and then curl that one. Lather, rinse, repeat until you see the pattern that’s looping. The most frequent cause is an insecure server that’s using HTTP while Cloudflare is set for HTTPS, and it just loops between HTTP and HTTPS.
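The hop-by-hop check described in the post above can be scripted. This is an added example, not part of the original thread; the function names `fetch_headers` and `trace_redirects` are chosen here for illustration.

```shell
# Added example: walk a redirect chain one hop at a time and flag a loop.
# fetch_headers and trace_redirects are names chosen for this sketch.

# Headers only (curl -I), without letting curl follow redirects itself.
fetch_headers() {
    curl -sI --max-time 10 "$1"
}

# Prints "<status> <url>" per hop.
# Exit status: 0 = chain ended, 1 = a URL repeated (loop), 2 = hop limit hit.
trace_redirects() (
    url=$1
    max_hops=${2:-10}
    seen=""
    hop=0
    while [ "$hop" -lt "$max_hops" ]; do
        if printf '%s\n' "$seen" | grep -Fxq -- "$url"; then
            echo "LOOP: $url was already visited"
            exit 1
        fi
        seen="$seen
$url"
        headers=$(fetch_headers "$url" | tr -d '\r')
        status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
        echo "$status $url"
        case "$status" in
            301|302|303|307|308) ;;
            *) exit 0 ;;
        esac
        location=$(printf '%s\n' "$headers" |
            awk 'tolower($1)=="location:" {print $2; exit}')
        [ -n "$location" ] || exit 0
        # A path-only Location is relative to the current scheme and host.
        case "$location" in
            /*) location="$(printf '%s' "$url" |
                    sed -E 's#^(https?://[^/]+).*#\1#')$location" ;;
        esac
        url=$location
        hop=$((hop + 1))
    done
    exit 2
)
```

Run it as `trace_redirects https://example.com/bundle.js`; an HTTP/HTTPS mismatch shows up as the same two URLs alternating before the LOOP line.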
I can confirm Firebase hosting works with Cloudflare Proxy, but …
Just to add a note here, depending on how the OP has set up the Firebase hosting “by default”, as far as I remember, he could add only non-www, or both www and non-www versions of the domain.
Therefore, when the user adds the naked domain (non-www) to Firebase, Firebase “somehow” figures it out and suggests that the user add the www too.
If the user adds the www too, Firebase then asks for confirmation with the dialog pop-up “should we redirect non-www to www?” as far as I remember.
Nevertheless, when using proxied records, at the Firebase dashboard you would always see the notice “Needs setup” (above screenshot) - you can safely ignore it as long as you have successfully set up the DNS records at Cloudflare (below screenshot as an example).
Also, if I may add a note here, SSL settings at Cloudflare should be set to Full - while testing, Flexible (even though it is not recommended) and Full (Strict) are not working - at least not working in that it throws the SSL or redirection error (not sure why exactly) for my three domains using Firebase hosting.
I have also added Google’s recommended CAA records due to the Let’s Encrypt SSL certificate renewing … and the certificate is new and valid from Google Firebase (LE)
Regarding the redirect, there is a way to set up the rewrites for the source and destination (accepts the wildcard symbol ** too) in the firebase.json file, if needed.
Thanks, @sdayman. Firebase hosting is all HTTPS of course, and Firebase is probably competitive with Cloudflare in terms of protection - I’m not overly worried about anyone discovering my backend IP with Firebase. I don’t know how successful a DDoS attack would be against Google’s infrastructure. But I suspect that Cloudflare caching will make a difference in my monthly expenditure!