npm - @firebase/auth - Versions diffs - 1.13.2 → 1.13.3-20260615181107 - Mend

@firebase/auth 1.13.2 → 1.13.3-20260615181107

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist/rn/index.js CHANGED Viewed

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 var app = require('@firebase/app');
-var index = require('./index-d963ed8d.js');
+var index = require('./index-a4f26c54.js');
 require('@firebase/util');
 require('@firebase/component');
 require('@firebase/logger');

package/dist/rn/internal.js CHANGED Viewed

@@ -2,9 +2,9 @@
 Object.defineProperty(exports, '__esModule', { value: true });
-var index = require('./index-d963ed8d.js');
-var app = require('@firebase/app');
+var index = require('./index-a4f26c54.js');
 var util = require('@firebase/util');
+var app = require('@firebase/app');
 require('@firebase/component');
 require('@firebase/logger');

package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts CHANGED Viewed

@@ -19,12 +19,30 @@ import { Auth } from '../../model/public_types';
 import { AuthInternal } from '../../model/auth';
 export declare const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = "recaptcha-enterprise";
 export declare const FAKE_TOKEN = "NO_RECAPTCHA";
+export declare const RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME = "onFirebaseAuthREInstanceReady";
+declare global {
+    interface Window {
+        [RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME]: () => void;
+    }
+}
 export declare class RecaptchaEnterpriseVerifier {
     /**
      * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
      */
     readonly type = "recaptcha-enterprise";
     private readonly auth;
+    /**
+     * Deferred that resolves when script tag has been injected onto the page
+     * and the script is ready (grecaptcha.ready() and script.onload are not
+     * reliable indicators, so this resolves when the global
+     * `window[RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME]()` callback provided to the recaptcha url param "onload"
+     * is triggered).
+     * As a static variable this is applied to all instances of the class.
+     * This will cause an error if users try to create multiple RecaptchaVerifiers
+     * with different Recaptcha Enterprise sitekeys, which should be an
+     * unuspported use case.
+     */
+    private static scriptInjectionDeferred;
     /**
      *
      * @param authExtern - The corresponding Firebase {@link Auth} instance.

package/dist/rn/test/helpers/mock_loadjs.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export declare const mockLoadJS: () => Promise<Event>;

package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts CHANGED Viewed

@@ -19,12 +19,30 @@ import { Auth } from '../../model/public_types';
 import { AuthInternal } from '../../model/auth';
 export declare const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = "recaptcha-enterprise";
 export declare const FAKE_TOKEN = "NO_RECAPTCHA";
+export declare const RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME = "onFirebaseAuthREInstanceReady";
+declare global {
+    interface Window {
+        [RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME]: () => void;
+    }
+}
 export declare class RecaptchaEnterpriseVerifier {
     /**
      * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
      */
     readonly type = "recaptcha-enterprise";
     private readonly auth;
+    /**
+     * Deferred that resolves when script tag has been injected onto the page
+     * and the script is ready (grecaptcha.ready() and script.onload are not
+     * reliable indicators, so this resolves when the global
+     * `window[RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME]()` callback provided to the recaptcha url param "onload"
+     * is triggered).
+     * As a static variable this is applied to all instances of the class.
+     * This will cause an error if users try to create multiple RecaptchaVerifiers
+     * with different Recaptcha Enterprise sitekeys, which should be an
+     * unuspported use case.
+     */
+    private static scriptInjectionDeferred;
     /**
      *
      * @param authExtern - The corresponding Firebase {@link Auth} instance.

package/dist/test/helpers/mock_loadjs.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export declare const mockLoadJS: () => Promise<Event>;

package/dist/web-extension-cjs/index.js CHANGED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
-var register = require('./register-5aa6f443.js');
+var register = require('./register-d3246200.js');
 var app = require('@firebase/app');
 var util = require('@firebase/util');
 require('@firebase/component');

package/dist/web-extension-cjs/internal.js CHANGED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
-var register = require('./register-5aa6f443.js');
+var register = require('./register-d3246200.js');
 var util = require('@firebase/util');
 var app = require('@firebase/app');
 require('@firebase/component');

package/dist/web-extension-cjs/{register-5aa6f443.js → register-d3246200.js} RENAMED Viewed

@@ -806,8 +806,8 @@ async function _performApiRequest(auth, method, path, request, customErrorMap =
             }
         }
         const query = util.querystring({
-            key: auth.config.apiKey,
-            ...params
+            ...params,
+            key: auth.config.apiKey
         }).slice(1);
         const headers = await auth._getAdditionalHeaders();
         headers["Content-Type" /* HttpHeader.CONTENT_TYPE */] = 'application/json';
@@ -824,7 +824,7 @@ async function _performApiRequest(auth, method, path, request, customErrorMap =
            'RequestInitializerDict' is not implemented."
            https://github.com/cloudflare/next-on-pages/issues/487 */
         if (!util.isCloudflareWorker()) {
-            fetchArgs.referrerPolicy = 'no-referrer';
+            fetchArgs.referrerPolicy = 'strict-origin-when-cross-origin';
         }
         if (auth.emulatorConfig && util.isCloudWorkstation(auth.emulatorConfig.host)) {
             fetchArgs.credentials = 'include';
@@ -3332,6 +3332,7 @@ function generateRandomAlphaNumericString(len) {
 /* eslint-disable @typescript-eslint/no-require-imports */
 const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
 const FAKE_TOKEN = 'NO_RECAPTCHA';
+const RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME = 'onFirebaseAuthREInstanceReady';
 class RecaptchaEnterpriseVerifier {
     /**
      *
@@ -3411,8 +3412,13 @@ class RecaptchaEnterpriseVerifier {
         }
         return new Promise((resolve, reject) => {
             retrieveSiteKey(this.auth)
-                .then(siteKey => {
-                if (!forceRefresh && isEnterprise(window.grecaptcha)) {
+                .then(async (siteKey) => {
+                if (!forceRefresh &&
+                    isEnterprise(window.grecaptcha) &&
+                    // If download has already been initiated, do not trigger another
+                    // download, await the promise here.
+                    RecaptchaEnterpriseVerifier.scriptInjectionDeferred) {
+                    await RecaptchaEnterpriseVerifier.scriptInjectionDeferred.promise;
                     retrieveRecaptchaToken(siteKey, resolve, reject);
                 }
                 else {
@@ -3422,9 +3428,25 @@ class RecaptchaEnterpriseVerifier {
                     }
                     let url = _recaptchaEnterpriseScriptUrl();
                     if (url.length !== 0) {
-                        url += siteKey;
+                        url +=
+                            siteKey +
+                                `&onload=${RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME}`;
                     }
+                    // Existence of deferred indicates download has been initiated.
+                    RecaptchaEnterpriseVerifier.scriptInjectionDeferred =
+                        new util.Deferred();
+                    /**
+                     * Script attached to global window object that will be called
+                     * when the ReCAPTCHA Enterprise instance is ready.
+                     * grecaptcha.ready() is not reliable when there are multiple
+                     * scripts on the page, and script.onload only indicates the
+                     * script has downloaded, not that it has initialized.
+                     */
+                    window[RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME] = () => {
+                        RecaptchaEnterpriseVerifier.scriptInjectionDeferred?.resolve();
+                    };
                     _loadJS(url)
+                        .then(() => RecaptchaEnterpriseVerifier.scriptInjectionDeferred?.promise)
                         .then(() => {
                         retrieveRecaptchaToken(siteKey, resolve, reject);
                     })
@@ -3439,6 +3461,18 @@ class RecaptchaEnterpriseVerifier {
         });
     }
 }
+/**
+ * Deferred that resolves when script tag has been injected onto the page
+ * and the script is ready (grecaptcha.ready() and script.onload are not
+ * reliable indicators, so this resolves when the global
+ * `window[RECAPTCHA_ENTERPRISE_ONLOAD_CALLBACK_NAME]()` callback provided to the recaptcha url param "onload"
+ * is triggered).
+ * As a static variable this is applied to all instances of the class.
+ * This will cause an error if users try to create multiple RecaptchaVerifiers
+ * with different Recaptcha Enterprise sitekeys, which should be an
+ * unuspported use case.
+ */
+RecaptchaEnterpriseVerifier.scriptInjectionDeferred = null;
 async function injectRecaptchaFields(auth, request, action, isCaptchaResp = false, isFakeToken = false) {
     const verifier = new RecaptchaEnterpriseVerifier(auth);
     let captchaResponse;
@@ -8113,7 +8147,7 @@ function _isEmptyString(input) {
 }
 var name = "@firebase/auth";
-var version = "1.13.2";
+var version = "1.13.3-20260615181107";
 /**
  * @license
@@ -8377,4 +8411,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=register-5aa6f443.js.map
+//# sourceMappingURL=register-d3246200.js.map