1

I've added a feature to my web app that requires using SharedArrayBuffer. To access shared SharedArrayBuffer my site needs to be cross origin isolated.

I have added the required headers

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

and the feature works.

But now firebase auth isn't working with Google Authentication (Email and password still work). I'm not using Firebase Hosting to host my web app.

I've tried using both the pop up and redirect methods with no luck.

I've tried using my own custom domain auth.mysite.com and hosting a copy of my site on firebase hosting but the popup fails as it's a different origin to mysite.com with the following messsage

To use this resource from a different origin, the server needs to specify a cross-origin resource policy in the response headers:
Cross-Origin-Resource-Policy: same-siteChoose this option if the resource and the document are served from the same site.
Cross-Origin-Resource-Policy: cross-originOnly choose this option if an arbitrary website including this resource does not impose a security risk.
Learn more in the issues tab

and redirect just seems to hang waiting for getRedirectResult() to resolve .

Is it possible to get this to work?

patrick_corrigan
  • 809
  • 11
  • 24
  • 1
    What happens if you try removing the CORP headers only for the login page? You could have a separate page which uses SharedArrayBuffer and has the appropriate CORP headers. – grimsteel Mar 29 '23 at 23:42
  • @grimsteel. I imagine that would work but it’s a single page app. – patrick_corrigan Mar 30 '23 at 10:45

0 Answers0