nodemailer | ✉️ Send e-mails with Node.JS – easy as cake | Email library

I deployed a function to firebase and when I test the function to send an email I get the following error:

I am using nodemailer to send mail
It works perfectly on the local instance as it is the same device
NOTE: This is just a representation of the mailer program and there are different values in the actual codebase
My code
nodule.js

I am working to remedy some security vulnerabilities from a penetration test. The vulnerability in question is a "Web Server Vulnerable to HTTP Host Header Attack" with a recommendation of "...the Host request header is user specified and shouldn't be trusted. Ensure that strict white listing is used to validate the Host header."

I am currently using React.js as my frontend frame work and Firebase for Functions (Node.js), Hosting, Authentication, Storage and Analytics. I am not understanding from my general internet search where or even what I should be changing to remedy this vulnerability? I am gathering that I may be using code in my server calls that is using the raw "HOST" variable, but I don't see anywhere in my code this is accessed explicitly. I do have an functions.https.onCall() function, which is maybe using the HOST internally. Obviously have many onCreate(), onUpdate(), etc calls. Maybe it is another function or library I am using behind the scenes?

What is the solution to prevent host header attacks on Firebase?

Firebase Functions package.json:

When i set my username and password directly in a nodemailer server, it works as expected

I have upgraded my angular to angular 13. when I run to build SSR it gives me following error.

I have a contact me form in my website and I'm trying to send an email using gmail service and it's working flawlessly in my local dev environment, but I'm having this issue:

{code: 'EAUTH', response: '535-5.7.8 Username and Password not accepted. Lear…mail/?p=BadCredentials e19sm4851511qty.16 - gsmtp', responseCode: 535, command: 'AUTH PLAIN'}

I googled a lot and looked in the docs but all I found was to make the "Less secure app access" option in Google accounts turned on, and I did that, I tried turning it off and on and I made sure it was working in my local machine, but unfortunately it's not working in when I send the request to my API in Vercel endpoint.

my React code

My web works perfectly on my local machine and all that, but in Heroku I deployed my app and nothing is working, and when: $ heroku logs --tail

I need to send a email with nodemailer, but in the email i need to attach an pdf that i generate using jspdf, the thing is that i cannot attach an object to an email, i can attach a file getting it's path, a string, and a lot of other things, but an object i cannot.

I tought of saving the pdf and using it's path, but this is all working on an VM, so i dont want to use too much cpu power or ram space.

I also tried using JSON.stringify() in the pdf, but it didn't work, and the file attached to the email was empty.

I'm currently creating users using the next.js API, however, I now want to send emails using sendgrid.

I have this setup, however, I get the following