6801 catch insecure indexedDB access #6841

@abilicz abilicz commented Nov 30, 2022

Related issue:
#6801

changeset-bot bot commented Nov 30, 2022

🦋 Changeset detected

Latest commit: 5aa8147

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 28 packages
Name Type
@firebase/util Patch
@firebase/analytics-compat Patch
@firebase/analytics Patch
@firebase/app-check-compat Patch
@firebase/app-check Patch
@firebase/app-compat Patch
@firebase/app Patch
@firebase/auth-compat Patch
@firebase/auth Patch
@firebase/component Patch
@firebase/database-compat Patch
@firebase/database-types Patch
@firebase/database Patch
firebase Patch
@firebase/firestore-compat Patch
@firebase/firestore Patch
@firebase/functions-compat Patch
@firebase/functions Patch
@firebase/installations-compat Patch
@firebase/installations Patch
@firebase/messaging-compat Patch
@firebase/messaging Patch
@firebase/performance-compat Patch
@firebase/performance Patch
@firebase/remote-config-compat Patch
@firebase/remote-config Patch
@firebase/storage-compat Patch
@firebase/storage Patch

google-cla bot commented Nov 30, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@abilicz abilicz force-pushed the 6801-cannot-access-indexedDB-when-cookies-blocked-firefox branch from 44212ba to e33d728 Compare November 30, 2022 23:56
@abilicz abilicz force-pushed the 6801-cannot-access-indexedDB-when-cookies-blocked-firefox branch from e33d728 to eb27d52 Compare December 1, 2022 00:00
hsubox76 commented Dec 1, 2022

I'm trying to reproduce the error you showed here #6801 (comment)

I set Firefox to block all third-party cookies and I can't seem to reproduce it. When I type in "indexedDB" it says IDBFactory { }. I'm using Firefox 107.0.1 on Mac. I went to Settings > Privacy & Security, set Browser Privacy to Custom, and set Cookies to "All third-party cookies (may cause websites to break)".

abilicz commented Dec 1, 2022

I think the key part here is:

Third party window content (e.g. <iframe> content) cannot access IndexedDB if the browser is set to never accept third party cookies

So if you open, for example, this page https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe, open the console and type indexedDB, it will be fine, but if you change the evaluation context to some iframe inside, it will throw that error.

For us this is an issue because we use Firebase from inside an iframe hosted by us, but the iframe is inside a Jira/Azure context, so the top domain is different. Looks like some companies like to have this cookie policy set on some browsers. Unfortunately, Firefox throws some exception.
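
The failure mode described in the comment above, as an added example that is not part of the thread and not firebase-js-sdk code: a bare availability check beside a guarded probe that falls back to in-memory persistence. All function and scope names are hypothetical, and the throwing getter is a constructed stand-in for a third-party frame with cookies blocked.

```javascript
// Added example, not firebase-js-sdk code; all names here are hypothetical.

// Naive check: reading the property can itself throw, so this crashes the caller.
function naiveCheck(scope) {
  return typeof scope.indexedDB === 'object';
}

// Hardened probe: never throws; reports why IndexedDB is unusable.
function probeIndexedDB(scope) {
  try {
    const factory = scope.indexedDB; // getter may throw in a blocked third-party frame
    if (typeof factory !== 'object' || factory === null) {
      return { factory: null, reason: 'missing' };
    }
    return { factory, reason: 'ok' };
  } catch (e) {
    // Assumption: the browser reports the block as an error named SecurityError.
    const reason = e && e.name === 'SecurityError' ? 'blocked' : 'error';
    return { factory: null, reason };
  }
}

// Chooses a persistence backend, degrading to memory instead of failing init.
function choosePersistence(scope) {
  const { factory, reason } = probeIndexedDB(scope);
  return factory
    ? { kind: 'indexeddb', reason, factory }
    : { kind: 'memory', reason, store: new Map() };
}

// Constructed stand-ins for three contexts, so this runs without a browser.
const topLevelScope = { indexedDB: { open() {} } };
const blockedFrameScope = Object.defineProperty({}, 'indexedDB', {
  get() {
    const err = new Error('The operation is insecure.'); // constructed message
    err.name = 'SecurityError';
    throw err;
  }
});
const noIdbScope = {};

function demo() {
  return [topLevelScope, blockedFrameScope, noIdbScope].map(scope => {
    const { kind, reason } = choosePersistence(scope);
    return `${kind}:${reason}`;
  });
}

console.log(demo());
```

In a browser, pass `self` (or `globalThis`) as `scope` instead of the constructed objects.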

hsubox76 commented Dec 1, 2022

Thanks! Got it. In that case the change looks good. Will merge when required checks pass.

hsubox76 commented Dec 1, 2022

Oops, looks like it failed the formatting check. Can you run yarn format on it?

@hsubox76 hsubox76 merged commit c20633e into firebase:master Dec 1, 2022
@google-oss-bot google-oss-bot mentioned this pull request Dec 6, 2022
levino pushed a commit to levino/firebase-js-sdk that referenced this pull request Dec 10, 2022
@firebase firebase locked and limited conversation to collaborators Jan 1, 2023