Network request to https://apis.google.com/js/api.js times out on iOS when on IPV6 address with “limit IP address tracking” enabled

[EllisVerhoest]

[REQUIRED] Describe your environment

• Operating System version: iOS 15.2+
• Browser version: Safari 15.2+
• Firebase SDK version: 9.8.3
• Firebase Product: Auth

---

• Having an IPV6 address
• "limit IP address tracking" enabled
• (?) using an account subscribed to iCloud+

[REQUIRED] Describe the problem

Possibly related to #7012

IOS seems to proxy traffic for "tracking domains" to get around IP tracking, I believe apis.google.com is on their list. This causes the network request to be routed through their internal VPN service which potentially doesn't work well with IPV6.

*Apple potentially uses a second (more aggressive) VPN service for their customers subscribed to iCloud+, we believe this to be pertinent to the issue but aren't sure.

This network request is only made either during proactive initialisation or logging in with a popup, such as OAuth through google or Facebook, and it causes our project to hang or fail because we're forced to wait for the network request to complete.

Disabling proactive initialising solves this issue, and we have a workaround, but would prefer a more official way to accomplish this.

Steps to reproduce:

1. Enable "limit IP address tracking" on an iPhone (possibly enabled by default)
2. Be on a ISP that provides an IPV6 address
3. Load firebase auth through a webpage
4. Request to "https://apis.google.com/js/api.js" hangs on TCP for ~20-40 seconds before timing out

Workaround

Disable BrowserPopupRedirectResolver:_shouldInitProactively

sed -i.bak 's/return _isMobileBrowser() || _isSafari() || _isIOS();/return false\/*Force disabling due to ios tracking bug*\/;/g' node_modules/@firebase/auth/dist/esm2017/index-*.js

Preferably, there should be a call to disable proactively initialising, such as

BrowserPopupRedirectResolver:_shouldInitProactively
    if(proactivelyOptOut) return false;

setProactivelyOptOut(true);

[prameshj]

Disabling proactive init is the only workaround. We load proactively on iOS by default, see

firebase-js-sdk/packages/auth/src/platform_browser/popup_redirect.ts

Line 176 in b6c231a

return _isMobileBrowser() || _isSafari() || _isIOS();

Which results in

firebase-js-sdk/packages/auth/src/core/auth/auth_impl.ts

Line 146 in bea604e

await this._popupRedirectResolver._initialize(this);

and eventually

firebase-js-sdk/packages/auth/src/platform_browser/popup_redirect.ts

Line 126 in bea604e

const iframe = await _openIframe(auth);

Are you seeing delays or the script load failing?

[EllisVerhoest]

We're seeing the script load fail, it times out after some time but only under the conditions in the issue. Our project depends on auth being init'ed so the whole thing fails to load when this request is made.

We've already worked around it by disabling proactive init, which prevents the request from being made until a user tries to sign in with a popup, but we're forced to do this by modifying the auth package which isn't ideal.

This is likely related to #4946 too