v8.0.2 Regression in Firebase Auth: IDBFactory.open() called in an invalid security context

[vieira]

Describe your environment

• Operating System version: macOS Catalina (10.15.7)
• Browser version: Safari 13.1.3 (with Intelligent Tracking Protection turned on, which is the default)
• Firebase SDK version: 8.0.2 (also tested with 8.1.0, 8.1.1)
• Firebase Product: auth

Describe the problem

When firebase/auth is loaded in a cross-domain iframe an error is produced Unhandled Rejection (SecurityError): IDBFactory.open() called in an invalid security context and onAuthStateChanged never runs.

Downgrading to 8.0.1 solves the issue. I see that there was a change in firebase/auth related with IndexDB in 8.0.2, so I assume that #4059 introduced the regression.

I believe that previously, when it was not possible to use IndexDB for some reason it would fallback to localStorage?

Let me know if there is any other information we can provide.

[hsubox76]

May be related to #2393 where we had to add an async isSupported check to several packages that use IndexedDB to validate not just that window.IndexedDB exists but that no error is thrown on IDBFactory.open(), before trying to use IndexedDB.

The check logic is a bit convoluted because IndexedDB is quirky, and is here:

firebase-js-sdk/packages/util/src/environment.ts

Line 150 in c76e1ff

export function validateIndexedDBOpenable(): Promise<boolean> {

If auth needs to run something similar I guess it would have to be copied since auth code is Closure.

[ianwieds]

I'm experiencing something similar where I can't use Firebase at all inside an Electron app with custom protocols. I can confirm that it does not work on any version above 8.0.1 so I downgraded to that for now.

Error when calling .signOut(), .signInWithEmailAndPassword(), etc

Uncaught DOMException: Failed to execute 'open' on 'IDBFactory': access to the Indexed Database API is denied in this context.
    at /Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:291:53
    at new D (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:84:931)
    at uk (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:291:23)
    at vk (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:292:26)
    at c (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:292:77)
    at new D (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:84:931)
    at wk (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:292:216)
    at pk.k.set (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:293:204)
    at /Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:296:528
    at e.g (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:88:101)
    at Sc (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:91:195)
    at Oc (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:91:85)
    at D.k.fc (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:90:303)
    at xc (/Users/me/Documents/GitHub/my-project/node_modules/@firebase/auth/dist/auth.js:84:781)

[strom2357]

Thanks for reporting. This is being tracked internally at b/174244535

[sam-gc]

Hi everyone, thanks for your patience. @vieira would you mind checking to see if this is fixed for you in 8.1.2?

[vieira]

Hello @samhorlbeck,

The issue is no longer present in 8.1.2. Tested again with 8.1.1 (issue present) versus 8.1.2 (issue not present) under same configuration (Safari 13.1.3 with Prevent cross-site tracking).

Thanks!

[sam-gc]

Awesome, thanks for checking!