Steam authentication via Express and Passport stops working when using Firebase #112
Description
Authentication worked fine when I was running my own API server, but something about Firebase's setup has broken it. I'm wondering if it has something to do with HTTPS, cookies, Express session? I keep trying a bunch of different suggestions from different threads to no avail.
Here is what is happening:
At index.html, I click "sign in with Steam," which redirects me to Steam's authorization page. At this page I get an error in the console which reads:
Refused to load the script data:login?openid............long........ because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com".
I then click "sign in" on Steam's authorization page and I'm redirected back to index.html where I have a function that tries to fetch the Steam user's JSON, but instead of receiving JSON, it's getting an error: SyntaxError: Unexpected token < in JSON at position 0.
I believe it's receiving HTML instead of JSON, because if the user is not authenticated (Passport's req.isAuthenticated() is always returning false), that request is supposed to redirect the user back to index.html.
Anyway, this was all working fine on it's own server, but now that I'm on Firebase this is happening. Can anyone think of why Firebase might be causing it? Any help is appreciated.