Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

singInWithCustomToken not working in Firefox with third party cookies disabled #6801

Closed
mwisniewski2000 opened this issue Nov 16, 2022 · 7 comments
Closed

singInWithCustomToken not working in Firefox with third party cookies disabled #6801

mwisniewski2000 opened this issue Nov 16, 2022 · 7 comments
Labels
api: auth

Comments

@mwisniewski2000
Copy link

[REQUIRED] Describe your environment

  • Operating System version: macOs Monterey 12.4
  • Browser version: Firefox 107.0 (64-bit)
  • Firebase SDK version: 9.14.0
  • Firebase Product: auth

[REQUIRED] Describe the problem

Steps to reproduce:

When user blocks all third party cookies on Firefox browser and tries to login with signInWithCustomToken this error shows: FirebaseError: Firebase: Error (auth/network-request-failed)., while when we block third party cookies on chrome everything works perfectly.
Is there some way to make it work, or is it just impossible with third party cookies blocked in firefox?
Screenshot 2022-11-15 at 19 51 16
Screenshot 2022-11-15 at 19 50 45

Relevant Code:

await signInWithCustomToken(auth, token);
@sam-gc
Copy link
Contributor

sam-gc commented Nov 21, 2022

This is odd, can you check the network panel to see if Firefox is directly blocking the relevant API call? signInWithCredential translates to a straightforward REST call.

@mwisniewski2000
Copy link
Author

This is odd, can you check the network panel to see if Firefox is directly blocking the relevant API call? signInWithCredential translates to a straightforward REST call.

In Firefox network tab I can't see any request at all. In chrome with disabled third party cookies I can see this accounts:signInWithCustomToken request.

@prameshj
Copy link
Contributor

In Firefox network tab I can't see any request at all. In chrome with disabled third party cookies I can see this accounts:signInWithCustomToken request.

Interesting, that looks like Firefox might be blocking the network request from happening. Any console logs that hint what might be going on?

@mwisniewski2000
Copy link
Author

In Firefox network tab I can't see any request at all. In chrome with disabled third party cookies I can see this accounts:signInWithCustomToken request.

Interesting, that looks like Firefox might be blocking the network request from happening. Any console logs that hint what might be going on?

Just this error I attached in description :(

@abilicz
Copy link
Contributor

abilicz commented Nov 30, 2022

Its basically this part of code throwing operation insecure:
this._heartbeatsCachePromise = this._storage.read().then(result => { this._heartbeatsCache = result; return result; }); }
and this promise rejects before making the actual request inside getHeartbeatsHeader
I guess Firefox when third party cookies are blocked is preventing reading and writing to IndexedDB?

@abilicz
Copy link
Contributor

abilicz commented Nov 30, 2022

Ok, I think a root cause of the issue is https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API/Using_IndexedDB#security.
So here https://github.com/firebase/firebase-js-sdk/blob/master/packages/util/src/environment.ts#L143
accessing indexedDB throws an error which isn't handled
Screen Shot 2022-11-30 at 9 38 50 PM

@abilicz abilicz mentioned this issue Nov 30, 2022
Merged
@mwisniewski2000
Copy link
Author

I'll close this issue, as it is resolved in this pr: #6841 .

@firebase firebase locked and limited conversation to collaborators Jan 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
api: auth
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@sam-gc @hsubox76 @google-oss-bot @abilicz @prameshj @mwisniewski2000