enforceAppCheck not working in onCallGenkit

[lukyanov]

[REQUIRED] Version info

node:

v22.14.0

firebase-functions:

6.3.2

firebase-tools:

14.4.0

firebase-admin:

13.4.0

[REQUIRED] Test case

exports.createTextTask = onCallGenkit(
  {
    enforceAppCheck: true
  },
  createTextTaskFlow,
);

[REQUIRED] Steps to reproduce

1. Add enforceAppCheck to onCallGengit
2. Call the function with a CURL command (with a wrong x-firebase-appcheck header)

[REQUIRED] Expected behavior

The request should be rejected.

[REQUIRED] Actual behavior

The request still goes through. In the logs:

• "Callable request verification failed: AppCheck token was rejected."
• "Allowing request with invalid AppCheck token because enforcement is disabled"

Were you able to successfully deploy your functions?

No errors during deploy.

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.

[CorieW]

Hi @lukyanov,

Thanks for reporting this issue! We’ve received it and are reviewing it. We’ll provide updates as soon as possible.

[lukyanov]

Everything is good. It was on my end. Sorry.