[AI] Include the "X-Android-Package" and "X-Android-Cert" headers #7679
Conversation
These headers are necessary to support [API Key restrictions](https://docs.cloud.google.com/docs/authentication/api-keys#adding-application-restrictions). This feature enable you to limit which apps (by matching package name and cert) are allowed to make request. **Important**: We still *strongly* recommend the use of Firebase AppCheck instead of, or in addition to, API key restrictions.
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. |
|
/gemini review |
📝 PRs merging into main branchOur main branch should always be in a releasable state. If you are working on a larger change, or if you don't want this change to see the light of the day just yet, consider using a feature branch first, and only merge into the main branch when the code complete and ready to be released. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces the functionality to include X-Android-Package and X-Android-Cert headers in API requests. This is crucial for supporting API Key restrictions based on Android package name and certificate fingerprint, enhancing the security of API access. The implementation correctly handles different Android API levels for retrieving signing certificates and includes necessary test setup for Android context.
One minor improvement could be to remove a redundant import. Additionally, the use of an experimental API for hexadecimal formatting is noted, which might warrant consideration for stability in a production library.
firebase-ai/src/main/kotlin/com/google/firebase/ai/common/APIController.kt
Show resolved
Hide resolved
firebase-ai/src/main/kotlin/com/google/firebase/ai/common/APIController.kt
Outdated
Show resolved
Hide resolved
…ontroller.kt Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
1 participant
These headers are necessary to support API Key restrictions. This feature enable you to limit which apps (by matching package name and certificate fingerprint) are allowed to make request.
Important: We still strongly recommend the use of Firebase App Check instead of, or in addition to, API key restrictions.