Auth: migration from localstorage to indexedDb not good when used in iframe #631

Closed
RomainVialard opened this issue Apr 4, 2018 · 9 comments

@RomainVialard

RomainVialard commented Apr 4, 2018

[REQUIRED] Describe your environment

  • Firebase SDK version: 4.12.1
  • Firebase Product: auth

[REQUIRED] Describe the problem

Between SDK version 4.11 & 4.12, it was decided to migrate auth storage from localstorage to indexedDb (see PR #530).

I am using the Firebase JS SDK inside an iframe and this migration is causing issues when trying to authenticate to Firebase (using method signInWithCustomToken() but I'm assuming the issue happens with all sign-in methods as it is related to client side storage).

Specifically, between 4.11 & 4.12, authentication now fails with an indexedDb error if:

  • In Chrome: third-party cookies are blocked (not default)
  • In Safari: cookies are set to "Allow from websites I visit". Switching to "Always allow" fixes the issue (but default setting is "Allow from websites I visit")

Error thrown by Safari:
SecurityError: IDBFactory.open() called in an invalid security context

@google-oss-bot
Contributor

Hey there! I couldn't figure out what this issue is about, so I've labeled it for a human to triage. Hang tight.

@google-oss-bot
Contributor

Hmmm this issue does not seem to follow the issue template. Make sure you provide all the required information.

@bojeil-google
Contributor

Thanks for reporting. We'll look into the errors when indexedDB is not functional.

@bojeil-google
Contributor

We will add a fallback to localStorage when indexedDB fails to open with an error.

Regarding Safari iframes, you are expected to have visited the site in a top level window as you mentioned. This is a limitation that Safari set. Safari also uses intelligent tracking (to protect privacy) and will clear cookies and data in your iframe after a certain period of time. There are a lot of issues which even localStorage won't solve.

There are many reasons we switched to indexedDB, and one major reason is the compatibility with service workers which all major modern browsers are now supporting including Apple which has finally started supporting them. Going forward, Auth must be compatible with service workers.
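
The fallback described in the comment above, sketched as an added example (not Firebase SDK code and not part of the thread): probe IndexedDB, fall back to localStorage, then to memory. The function names, the probe key and the injected `env` object are assumptions made for illustration.

```javascript
// Added example; probeIndexedDB, pickAuthStorage and '__auth_probe__' are hypothetical names.

// Resolves true only if an IndexedDB database can actually be opened.
function probeIndexedDB(idb, timeoutMs = 500) {
  return new Promise((resolve) => {
    if (!idb) return resolve(false);
    // Treat a request that never settles as a failure.
    const timer = setTimeout(() => resolve(false), timeoutMs);
    const done = (ok) => { clearTimeout(timer); resolve(ok); };
    try {
      // open() can throw (the SecurityError quoted in the report) or fail later via onerror.
      const req = idb.open('__auth_probe__');
      req.onsuccess = () => { req.result.close(); done(true); };
      req.onerror = () => done(false);
      req.onblocked = () => done(false);
    } catch (e) {
      done(false);
    }
  });
}

// Returns 'indexedDB', 'localStorage' or 'memory'.
// `env` is a window-like object, injected so the logic can run outside a browser.
async function pickAuthStorage(env) {
  let idb;
  try { idb = env.indexedDB; } catch (e) { idb = undefined; }
  if (await probeIndexedDB(idb)) return 'indexedDB';
  try {
    // Reading the property can itself throw when storage is blocked in a third-party frame.
    const ls = env.localStorage;
    ls.setItem('__auth_probe__', '1');
    ls.removeItem('__auth_probe__');
    return 'localStorage';
  } catch (e) {
    // Nothing persistent is available: the session will not survive a reload.
    return 'memory';
  }
}
```

In a page, call `pickAuthStorage(window)` before choosing where to persist the session.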

@RomainVialard
Author

Thank you!

@dfischer

Confirming I am seeing the same issue

@vieira

vieira commented Apr 26, 2018

Hello,

Has this been fixed in 4.13?

Thanks.

@wti806
Contributor

wti806 commented Apr 26, 2018 via email

@jshcrowthe
Contributor

Closing as it seems this has been fixed.

@firebase firebase locked and limited conversation to collaborators Oct 21, 2019