@firebase/auth 1.6.2-canary.1eb302f5a → 1.6.2-canary.9ca1a4e4f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/dist/browser-cjs/{index-c83b671a.js → index-4bb741aa.js} +13 -8
  2. package/dist/{esm2017/index-0618d52e.js.map → browser-cjs/index-4bb741aa.js.map} +1 -1
  3. package/dist/browser-cjs/index.js +1 -1
  4. package/dist/browser-cjs/internal.js +1 -1
  5. package/dist/cordova/index.js +2 -2
  6. package/dist/cordova/internal.js +15 -10
  7. package/dist/cordova/internal.js.map +1 -1
  8. package/dist/cordova/{popup_redirect-b062de71.js → popup_redirect-e6ea1b98.js} +2 -2
  9. package/dist/cordova/{popup_redirect-b062de71.js.map → popup_redirect-e6ea1b98.js.map} +1 -1
  10. package/dist/esm2017/{index-0618d52e.js → index-7b6b96fc.js} +13 -8
  11. package/dist/{browser-cjs/index-c83b671a.js.map → esm2017/index-7b6b96fc.js.map} +1 -1
  12. package/dist/esm2017/index.js +1 -1
  13. package/dist/esm2017/internal.js +2 -2
  14. package/dist/esm5/{index-b795af8f.js → index-34b18b0c.js} +15 -10
  15. package/dist/esm5/{index-b795af8f.js.map → index-34b18b0c.js.map} +1 -1
  16. package/dist/esm5/index.js +1 -1
  17. package/dist/esm5/internal.js +2 -2
  18. package/dist/index.webworker.esm5.js +1 -1
  19. package/dist/node/index.js +1 -1
  20. package/dist/node/internal.js +1 -1
  21. package/dist/node/{totp-7df9dd11.js → totp-52ef78b2.js} +2 -2
  22. package/dist/node/{totp-7df9dd11.js.map → totp-52ef78b2.js.map} +1 -1
  23. package/dist/node-esm/index.js +1 -1
  24. package/dist/node-esm/internal.js +2 -2
  25. package/dist/node-esm/{totp-979f9b94.js → totp-731b74ae.js} +2 -2
  26. package/dist/node-esm/{totp-979f9b94.js.map → totp-731b74ae.js.map} +1 -1
  27. package/dist/rn/{index-f3976797.js → index-bb64bc87.js} +2 -2
  28. package/dist/rn/{index-f3976797.js.map → index-bb64bc87.js.map} +1 -1
  29. package/dist/rn/index.js +1 -1
  30. package/dist/rn/internal.js +14 -9
  31. package/dist/rn/internal.js.map +1 -1
  32. package/dist/web-extension-cjs/index.js +1 -1
  33. package/dist/web-extension-cjs/internal.js +12 -7
  34. package/dist/web-extension-cjs/internal.js.map +1 -1
  35. package/dist/web-extension-cjs/{register-5cf45fcf.js → register-715e1b3d.js} +2 -2
  36. package/dist/web-extension-cjs/{register-5cf45fcf.js.map → register-715e1b3d.js.map} +1 -1
  37. package/dist/web-extension-esm2017/index.js +2 -2
  38. package/dist/web-extension-esm2017/internal.js +13 -8
  39. package/dist/web-extension-esm2017/internal.js.map +1 -1
  40. package/dist/web-extension-esm2017/{register-bd5654eb.js → register-c8de982b.js} +2 -2
  41. package/dist/web-extension-esm2017/{register-bd5654eb.js.map → register-c8de982b.js.map} +1 -1
  42. package/package.json +7 -7
package/dist/browser-cjs/index.js CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Object.defineProperty(exports, '__esModule', { value: true });
4
4
 
5
- var index = require('./index-c83b671a.js');
5
+ var index = require('./index-4bb741aa.js');
6
6
  require('@firebase/util');
7
7
  require('@firebase/app');
8
8
  require('@firebase/logger');
package/dist/browser-cjs/internal.js CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Object.defineProperty(exports, '__esModule', { value: true });
4
4
 
5
- var index = require('./index-c83b671a.js');
5
+ var index = require('./index-4bb741aa.js');
6
6
  var util = require('@firebase/util');
7
7
  require('@firebase/app');
8
8
  require('@firebase/logger');
package/dist/cordova/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { getApp, _getProvider } from '@firebase/app';
2
- import { _ as _signInWithRedirect, a as _reauthenticateWithRedirect, b as _linkWithRedirect, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, d as cordovaPopupRedirectResolver } from './popup_redirect-b062de71.js';
3
- export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-b062de71.js';
2
+ import { _ as _signInWithRedirect, a as _reauthenticateWithRedirect, b as _linkWithRedirect, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, d as cordovaPopupRedirectResolver } from './popup_redirect-e6ea1b98.js';
3
+ export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-e6ea1b98.js';
4
4
  import 'tslib';
5
5
  import '@firebase/util';
6
6
  import '@firebase/component';
package/dist/cordova/internal.js CHANGED
@@ -1,5 +1,5 @@
1
- import { ai as _performApiRequest, aj as _addTidIfNecessary, ak as _assert, al as Delay, am as _window, an as isV2, ao as _createError, ap as _recaptchaV2ScriptUrl, aq as _loadJS, ar as _generateCallbackName, as as getRecaptchaParams, at as _isHttpOrHttps, au as _isWorker, av as _castAuth, M as signInWithCredential, N as linkWithCredential, aw as _assertLinkedStatus, Q as reauthenticateWithCredential, ax as sendPhoneVerificationCode, ay as startEnrollPhoneMfa, az as _link, B as PhoneAuthCredential, aA as debugAssert, aB as _generateEventId, aC as AbstractPopupRedirectOperation, aD as _assertInstanceOf, aE as _withDefaultResolver, aF as FederatedAuthProvider, aG as _fail, aH as _getProjectConfig, aI as _getCurrentUrl, aJ as _gapiScriptUrl, aK as _emulatorUrl, aL as _isChromeIOS, aM as _isFirefox, aN as _isIOSStandalone, aO as _getRedirectUrl, aP as _setWindowLocation, aQ as _isMobileBrowser, aR as _isSafari, aS as _isIOS, f as browserSessionPersistence, aT as _getRedirectResult, aU as _overrideRedirectResult, aV as AuthEventManager, aW as debugFail, aX as finalizeEnrollPhoneMfa, aY as finalizeEnrollTotpMfa, aZ as startEnrollTotpMfa, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, e as browserLocalPersistence, j as beforeAuthStateChanged, o as onIdTokenChanged, x as connectAuthEmulator, a_ as _setExternalJSProvider } from './popup_redirect-b062de71.js';
2
- export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, b2 as AuthImpl, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, b4 as FetchProvider, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, b5 as SAMLAuthCredential, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, b0 as UserImpl, ak as _assert, av as _castAuth, aG as _fail, aB as _generateEventId, b3 as _getClientVersion, b1 as _getInstance, aT as _getRedirectResult, aU as _overrideRedirectResult, a$ as _persistenceKeyName, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, b7 as linkWithRedirect, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, b8 as reauthenticateWithRedirect, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, b6 as signInWithRedirect, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-b062de71.js';
1
+ import { ai as _performApiRequest, aj as _addTidIfNecessary, ak as _assert, al as Delay, am as _window, an as isV2, ao as _createError, ap as _recaptchaV2ScriptUrl, aq as _loadJS, ar as _generateCallbackName, as as getRecaptchaParams, at as _isHttpOrHttps, au as _isWorker, av as _castAuth, M as signInWithCredential, N as linkWithCredential, aw as _assertLinkedStatus, Q as reauthenticateWithCredential, ax as sendPhoneVerificationCode, ay as startEnrollPhoneMfa, az as _link, B as PhoneAuthCredential, aA as debugAssert, aB as _generateEventId, aC as AbstractPopupRedirectOperation, aD as _assertInstanceOf, aE as _withDefaultResolver, aF as FederatedAuthProvider, aG as _fail, aH as _getProjectConfig, aI as _getCurrentUrl, aJ as _gapiScriptUrl, aK as _emulatorUrl, aL as _isChromeIOS, aM as _isFirefox, aN as _isIOSStandalone, aO as _getRedirectUrl, aP as _setWindowLocation, aQ as _isMobileBrowser, aR as _isSafari, aS as _isIOS, f as browserSessionPersistence, aT as _getRedirectResult, aU as _overrideRedirectResult, aV as AuthEventManager, aW as debugFail, aX as finalizeEnrollPhoneMfa, aY as finalizeEnrollTotpMfa, aZ as startEnrollTotpMfa, r as registerAuth, i as initializeAuth, c as indexedDBLocalPersistence, e as browserLocalPersistence, j as beforeAuthStateChanged, o as onIdTokenChanged, x as connectAuthEmulator, a_ as _setExternalJSProvider } from './popup_redirect-e6ea1b98.js';
2
+ export { A as ActionCodeOperation, a6 as ActionCodeURL, y as AuthCredential, w as AuthErrorCodes, b2 as AuthImpl, E as EmailAuthCredential, D as EmailAuthProvider, G as FacebookAuthProvider, F as FactorId, b4 as FetchProvider, I as GithubAuthProvider, H as GoogleAuthProvider, z as OAuthCredential, J as OAuthProvider, O as OperationType, B as PhoneAuthCredential, P as ProviderId, b5 as SAMLAuthCredential, K as SAMLAuthProvider, S as SignInMethod, T as TwitterAuthProvider, b0 as UserImpl, ak as _assert, av as _castAuth, aG as _fail, aB as _generateEventId, b3 as _getClientVersion, b1 as _getInstance, aT as _getRedirectResult, aU as _overrideRedirectResult, a$ as _persistenceKeyName, W as applyActionCode, j as beforeAuthStateChanged, e as browserLocalPersistence, f as browserSessionPersistence, X as checkActionCode, V as confirmPasswordReset, x as connectAuthEmulator, d as cordovaPopupRedirectResolver, Z as createUserWithEmailAndPassword, q as debugErrorMap, p as deleteUser, a3 as fetchSignInMethodsForEmail, ae as getAdditionalUserInfo, ab as getIdToken, ac as getIdTokenResult, ag as getMultiFactorResolver, g as getRedirectResult, C as inMemoryPersistence, c as indexedDBLocalPersistence, i as initializeAuth, h as initializeRecaptchaConfig, a1 as isSignInWithEmailLink, N as linkWithCredential, b7 as linkWithRedirect, ah as multiFactor, k as onAuthStateChanged, o as onIdTokenChanged, a7 as parseActionCodeURL, t as prodErrorMap, Q as reauthenticateWithCredential, b8 as reauthenticateWithRedirect, af as reload, n as revokeAccessToken, a4 as sendEmailVerification, U as sendPasswordResetEmail, a0 as sendSignInLinkToEmail, s as setPersistence, L as signInAnonymously, M as signInWithCredential, R as signInWithCustomToken, $ as signInWithEmailAndPassword, a2 as signInWithEmailLink, b6 as signInWithRedirect, m as signOut, ad as unlink, l as updateCurrentUser, a9 as updateEmail, aa as updatePassword, a8 as updateProfile, u as useDeviceLanguage, v as validatePassword, a5 as verifyBeforeUpdateEmail, Y as verifyPasswordResetCode } from './popup_redirect-e6ea1b98.js';
3
3
  import { __awaiter, __generator, __assign, __extends, __spreadArray } from 'tslib';
4
4
  import { querystring, getModularInstance, getUA, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
5
5
  import { SDK_VERSION, getApp, _getProvider } from '@firebase/app';
@@ -2077,14 +2077,19 @@ function getAuth(app) {
2077
2077
  ]
2078
2078
  });
2079
2079
  var authTokenSyncPath = getExperimentalSetting('authTokenSyncURL');
2080
- // Don't allow urls (XSS possibility), only paths on the same domain
2081
- // (starting with a single '/')
2082
- if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
2083
- var mintCookie_1 = mintCookieFactory(authTokenSyncPath);
2084
- beforeAuthStateChanged(auth, mintCookie_1, function () {
2085
- return mintCookie_1(auth.currentUser);
2086
- });
2087
- onIdTokenChanged(auth, function (user) { return mintCookie_1(user); });
2080
+ // Only do the Cookie exchange in a secure context
2081
+ if (authTokenSyncPath &&
2082
+ typeof isSecureContext === 'boolean' &&
2083
+ isSecureContext) {
2084
+ // Don't allow urls (XSS possibility), only paths on the same domain
2085
+ var authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
2086
+ if (location.origin === authTokenSyncUrl.origin) {
2087
+ var mintCookie_1 = mintCookieFactory(authTokenSyncUrl.toString());
2088
+ beforeAuthStateChanged(auth, mintCookie_1, function () {
2089
+ return mintCookie_1(auth.currentUser);
2090
+ });
2091
+ onIdTokenChanged(auth, function (user) { return mintCookie_1(user); });
2092
+ }
2088
2093
  }
2089
2094
  var authEmulatorHost = getDefaultEmulatorHost('auth');
2090
2095
  if (authEmulatorHost) {