@firebase/auth 1.6.2-canary.1eb302f5a → 1.6.2-canary.9ca1a4e4f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/dist/browser-cjs/{index-c83b671a.js → index-4bb741aa.js} +13 -8
  2. package/dist/{esm2017/index-0618d52e.js.map → browser-cjs/index-4bb741aa.js.map} +1 -1
  3. package/dist/browser-cjs/index.js +1 -1
  4. package/dist/browser-cjs/internal.js +1 -1
  5. package/dist/cordova/index.js +2 -2
  6. package/dist/cordova/internal.js +15 -10
  7. package/dist/cordova/internal.js.map +1 -1
  8. package/dist/cordova/{popup_redirect-b062de71.js → popup_redirect-e6ea1b98.js} +2 -2
  9. package/dist/cordova/{popup_redirect-b062de71.js.map → popup_redirect-e6ea1b98.js.map} +1 -1
  10. package/dist/esm2017/{index-0618d52e.js → index-7b6b96fc.js} +13 -8
  11. package/dist/{browser-cjs/index-c83b671a.js.map → esm2017/index-7b6b96fc.js.map} +1 -1
  12. package/dist/esm2017/index.js +1 -1
  13. package/dist/esm2017/internal.js +2 -2
  14. package/dist/esm5/{index-b795af8f.js → index-34b18b0c.js} +15 -10
  15. package/dist/esm5/{index-b795af8f.js.map → index-34b18b0c.js.map} +1 -1
  16. package/dist/esm5/index.js +1 -1
  17. package/dist/esm5/internal.js +2 -2
  18. package/dist/index.webworker.esm5.js +1 -1
  19. package/dist/node/index.js +1 -1
  20. package/dist/node/internal.js +1 -1
  21. package/dist/node/{totp-7df9dd11.js → totp-52ef78b2.js} +2 -2
  22. package/dist/node/{totp-7df9dd11.js.map → totp-52ef78b2.js.map} +1 -1
  23. package/dist/node-esm/index.js +1 -1
  24. package/dist/node-esm/internal.js +2 -2
  25. package/dist/node-esm/{totp-979f9b94.js → totp-731b74ae.js} +2 -2
  26. package/dist/node-esm/{totp-979f9b94.js.map → totp-731b74ae.js.map} +1 -1
  27. package/dist/rn/{index-f3976797.js → index-bb64bc87.js} +2 -2
  28. package/dist/rn/{index-f3976797.js.map → index-bb64bc87.js.map} +1 -1
  29. package/dist/rn/index.js +1 -1
  30. package/dist/rn/internal.js +14 -9
  31. package/dist/rn/internal.js.map +1 -1
  32. package/dist/web-extension-cjs/index.js +1 -1
  33. package/dist/web-extension-cjs/internal.js +12 -7
  34. package/dist/web-extension-cjs/internal.js.map +1 -1
  35. package/dist/web-extension-cjs/{register-5cf45fcf.js → register-715e1b3d.js} +2 -2
  36. package/dist/web-extension-cjs/{register-5cf45fcf.js.map → register-715e1b3d.js.map} +1 -1
  37. package/dist/web-extension-esm2017/index.js +2 -2
  38. package/dist/web-extension-esm2017/internal.js +13 -8
  39. package/dist/web-extension-esm2017/internal.js.map +1 -1
  40. package/dist/web-extension-esm2017/{register-bd5654eb.js → register-c8de982b.js} +2 -2
  41. package/dist/web-extension-esm2017/{register-bd5654eb.js.map → register-c8de982b.js.map} +1 -1
  42. package/package.json +7 -7
package/dist/browser-cjs/{index-c83b671a.js → index-4bb741aa.js} RENAMED
@@ -10289,7 +10289,7 @@ function _isEmptyString(input) {
10289
10289
  }
10290
10290
 
10291
10291
  var name = "@firebase/auth";
10292
- var version = "1.6.2-canary.1eb302f5a";
10292
+ var version = "1.6.2-canary.9ca1a4e4f";
10293
10293
 
10294
10294
  /**
10295
10295
  * @license
@@ -10498,12 +10498,17 @@ function getAuth(app$1 = app.getApp()) {
10498
10498
  ]
10499
10499
  });
10500
10500
  const authTokenSyncPath = util.getExperimentalSetting('authTokenSyncURL');
10501
- // Don't allow urls (XSS possibility), only paths on the same domain
10502
- // (starting with a single '/')
10503
- if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
10504
- const mintCookie = mintCookieFactory(authTokenSyncPath);
10505
- beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
10506
- onIdTokenChanged(auth, user => mintCookie(user));
10501
+ // Only do the Cookie exchange in a secure context
10502
+ if (authTokenSyncPath &&
10503
+ typeof isSecureContext === 'boolean' &&
10504
+ isSecureContext) {
10505
+ // Don't allow urls (XSS possibility), only paths on the same domain
10506
+ const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
10507
+ if (location.origin === authTokenSyncUrl.origin) {
10508
+ const mintCookie = mintCookieFactory(authTokenSyncUrl.toString());
10509
+ beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
10510
+ onIdTokenChanged(auth, user => mintCookie(user));
10511
+ }
10507
10512
  }
10508
10513
  const authEmulatorHost = util.getDefaultEmulatorHost('auth');
10509
10514
  if (authEmulatorHost) {
@@ -10645,4 +10650,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
10645
10650
  exports.validatePassword = validatePassword;
10646
10651
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
10647
10652
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
10648
- //# sourceMappingURL=index-c83b671a.js.map
10653
+ //# sourceMappingURL=index-4bb741aa.js.map