@firebase/auth 1.6.2-canary.1eb302f5a → 1.6.2-canary.9ca1a4e4f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/dist/browser-cjs/{index-c83b671a.js → index-4bb741aa.js} +13 -8
  2. package/dist/{esm2017/index-0618d52e.js.map → browser-cjs/index-4bb741aa.js.map} +1 -1
  3. package/dist/browser-cjs/index.js +1 -1
  4. package/dist/browser-cjs/internal.js +1 -1
  5. package/dist/cordova/index.js +2 -2
  6. package/dist/cordova/internal.js +15 -10
  7. package/dist/cordova/internal.js.map +1 -1
  8. package/dist/cordova/{popup_redirect-b062de71.js → popup_redirect-e6ea1b98.js} +2 -2
  9. package/dist/cordova/{popup_redirect-b062de71.js.map → popup_redirect-e6ea1b98.js.map} +1 -1
  10. package/dist/esm2017/{index-0618d52e.js → index-7b6b96fc.js} +13 -8
  11. package/dist/{browser-cjs/index-c83b671a.js.map → esm2017/index-7b6b96fc.js.map} +1 -1
  12. package/dist/esm2017/index.js +1 -1
  13. package/dist/esm2017/internal.js +2 -2
  14. package/dist/esm5/{index-b795af8f.js → index-34b18b0c.js} +15 -10
  15. package/dist/esm5/{index-b795af8f.js.map → index-34b18b0c.js.map} +1 -1
  16. package/dist/esm5/index.js +1 -1
  17. package/dist/esm5/internal.js +2 -2
  18. package/dist/index.webworker.esm5.js +1 -1
  19. package/dist/node/index.js +1 -1
  20. package/dist/node/internal.js +1 -1
  21. package/dist/node/{totp-7df9dd11.js → totp-52ef78b2.js} +2 -2
  22. package/dist/node/{totp-7df9dd11.js.map → totp-52ef78b2.js.map} +1 -1
  23. package/dist/node-esm/index.js +1 -1
  24. package/dist/node-esm/internal.js +2 -2
  25. package/dist/node-esm/{totp-979f9b94.js → totp-731b74ae.js} +2 -2
  26. package/dist/node-esm/{totp-979f9b94.js.map → totp-731b74ae.js.map} +1 -1
  27. package/dist/rn/{index-f3976797.js → index-bb64bc87.js} +2 -2
  28. package/dist/rn/{index-f3976797.js.map → index-bb64bc87.js.map} +1 -1
  29. package/dist/rn/index.js +1 -1
  30. package/dist/rn/internal.js +14 -9
  31. package/dist/rn/internal.js.map +1 -1
  32. package/dist/web-extension-cjs/index.js +1 -1
  33. package/dist/web-extension-cjs/internal.js +12 -7
  34. package/dist/web-extension-cjs/internal.js.map +1 -1
  35. package/dist/web-extension-cjs/{register-5cf45fcf.js → register-715e1b3d.js} +2 -2
  36. package/dist/web-extension-cjs/{register-5cf45fcf.js.map → register-715e1b3d.js.map} +1 -1
  37. package/dist/web-extension-esm2017/index.js +2 -2
  38. package/dist/web-extension-esm2017/internal.js +13 -8
  39. package/dist/web-extension-esm2017/internal.js.map +1 -1
  40. package/dist/web-extension-esm2017/{register-bd5654eb.js → register-c8de982b.js} +2 -2
  41. package/dist/web-extension-esm2017/{register-bd5654eb.js.map → register-c8de982b.js.map} +1 -1
  42. package/package.json +7 -7
package/dist/web-extension-esm2017/index.js CHANGED
@@ -1,5 +1,5 @@
1
- import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-bd5654eb.js';
2
- export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-bd5654eb.js';
1
+ import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-c8de982b.js';
2
+ export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-c8de982b.js';
3
3
  import { _getProvider, getApp } from '@firebase/app';
4
4
  import { getDefaultEmulatorHost } from '@firebase/util';
5
5
  import 'tslib';
package/dist/web-extension-esm2017/internal.js CHANGED
@@ -1,5 +1,5 @@
1
- import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isIframe, aa as _isMobileBrowser, ab as _isIE10, ac as _isSafari, ad as _isIOS, ae as _assert, af as Delay, ag as _window, ah as isV2, ai as _createError, aj as _recaptchaV2ScriptUrl, ak as _loadJS, al as _generateCallbackName, am as _castAuth, an as _isHttpOrHttps, ao as _isWorker, ap as getRecaptchaParams, z as signInWithCredential, aq as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, ar as startEnrollPhoneMfa, as as startSignInPhoneMfa, at as sendPhoneVerificationCode, au as _link$1, P as PhoneAuthCredential, av as _getInstance, aw as _signInWithCredential, ax as _reauthenticate, m as AuthCredential, ay as signInWithIdp, az as _fail, aA as debugAssert, aB as _assertInstanceOf, aC as _generateEventId, aD as FederatedAuthProvider, aE as _persistenceKeyName, aF as _performApiRequest, aG as _getCurrentUrl, aH as _gapiScriptUrl, aI as _emulatorUrl, aJ as _isChromeIOS, aK as _isFirefox, aL as _isIOSStandalone, aM as BaseOAuthProvider, aN as _setWindowLocation, aO as MultiFactorAssertionImpl, aP as finalizeEnrollPhoneMfa, aQ as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aR as _setExternalJSProvider, aS as _isAndroid, aT as _isIOS7Or8 } from './register-bd5654eb.js';
2
- export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aV as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, aX as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, aY as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aU as UserImpl, ae as _assert, am as _castAuth, az as _fail, aC as _generateEventId, aW as _getClientVersion, av as _getInstance, aE as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-bd5654eb.js';
1
+ import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isIframe, aa as _isMobileBrowser, ab as _isIE10, ac as _isSafari, ad as _isIOS, ae as _assert, af as Delay, ag as _window, ah as isV2, ai as _createError, aj as _recaptchaV2ScriptUrl, ak as _loadJS, al as _generateCallbackName, am as _castAuth, an as _isHttpOrHttps, ao as _isWorker, ap as getRecaptchaParams, z as signInWithCredential, aq as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, ar as startEnrollPhoneMfa, as as startSignInPhoneMfa, at as sendPhoneVerificationCode, au as _link$1, P as PhoneAuthCredential, av as _getInstance, aw as _signInWithCredential, ax as _reauthenticate, m as AuthCredential, ay as signInWithIdp, az as _fail, aA as debugAssert, aB as _assertInstanceOf, aC as _generateEventId, aD as FederatedAuthProvider, aE as _persistenceKeyName, aF as _performApiRequest, aG as _getCurrentUrl, aH as _gapiScriptUrl, aI as _emulatorUrl, aJ as _isChromeIOS, aK as _isFirefox, aL as _isIOSStandalone, aM as BaseOAuthProvider, aN as _setWindowLocation, aO as MultiFactorAssertionImpl, aP as finalizeEnrollPhoneMfa, aQ as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aR as _setExternalJSProvider, aS as _isAndroid, aT as _isIOS7Or8 } from './register-c8de982b.js';
2
+ export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aV as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, aX as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, aY as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aU as UserImpl, ae as _assert, am as _castAuth, az as _fail, aC as _generateEventId, aW as _getClientVersion, av as _getInstance, aE as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-c8de982b.js';
3
3
  import { getUA, querystring, getModularInstance, isEmpty, getExperimentalSetting, getDefaultEmulatorHost, querystringDecode } from '@firebase/util';
4
4
  import 'tslib';
5
5
  import { SDK_VERSION, _getProvider, getApp } from '@firebase/app';
@@ -2748,12 +2748,17 @@ function getAuth(app = getApp()) {
2748
2748
  ]
2749
2749
  });
2750
2750
  const authTokenSyncPath = getExperimentalSetting('authTokenSyncURL');
2751
- // Don't allow urls (XSS possibility), only paths on the same domain
2752
- // (starting with a single '/')
2753
- if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
2754
- const mintCookie = mintCookieFactory(authTokenSyncPath);
2755
- beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
2756
- onIdTokenChanged(auth, user => mintCookie(user));
2751
+ // Only do the Cookie exchange in a secure context
2752
+ if (authTokenSyncPath &&
2753
+ typeof isSecureContext === 'boolean' &&
2754
+ isSecureContext) {
2755
+ // Don't allow urls (XSS possibility), only paths on the same domain
2756
+ const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
2757
+ if (location.origin === authTokenSyncUrl.origin) {
2758
+ const mintCookie = mintCookieFactory(authTokenSyncUrl.toString());
2759
+ beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
2760
+ onIdTokenChanged(auth, user => mintCookie(user));
2761
+ }
2757
2762
  }
2758
2763
  const authEmulatorHost = getDefaultEmulatorHost('auth');
2759
2764
  if (authEmulatorHost) {