Function cookies are treated as cross domain #544
Comments
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
@jimmykane sorry to hear you're having this issue. Can you provide a reproducible example so I can try to test this out?
@kevinajian no worries. I was guided by this example: https://github.com/firebase/functions-samples/tree/master/instagram-auth. You can use the above example with a browser like Brave, or just disable the cross domain cookies on your current browser. There is also the same issue there: firebase/functions-samples#569. My code over this: https://github.com/jimmykane/quantified-self/tree/master/functions. It can also be related to firebase/functions-samples#526. But here I am lost. My main confusion, and that is why I opened this issue, is why the 2 functions are treated by the browser as cross domain while they look as the same domain. (Perhaps something on firebase changes?)
Can you also try deploying the functions to
@kevinajian indeed with Safari on OSX and cross site cookies it works. Perhaps try the Brave browser (it's Chromium based) and from there disable the cross domain cookies like so. With this setting it exposes 10/10 for me. In the meanwhile I'll give a try to deploy on US-Central1 to see if there is a change. Thanks again for your time and may you have a great weekend.
This was testing Safari with cross-site tracking turned off. I'm actually running into issues getting the Brave browser working, so I'll follow up on that when possible.
@kevinajian tried to auth with the link. Did you get any errors in the logs?
Will be having more time later this week to continue debugging this issue. My apologies so far for not taking any action, as I became a dad and am trying to get some extra time.
Your example with cross domain cookies on (or 3rd party, as others call it) does not get the state cookie as well. So with your example it is reproducible as well. I suppose you got the logs in that function (I hope :-) ). Here are some screenshots. DISABLED Cross site cookies
Trying to help a bit more here. A user that replied on StackOverflow says:
and in the code of the examples it has
Could that be the case?
@kevinajian I think this gets more complicated and in the end does not look like a cloud function issue. Please read the awarded answer: https://stackoverflow.com/questions/57253593/cross-domain-state-cookie-issue-for-oauth-using-firebase-functions-while-on-the/57349498?noredirect=1#comment101255088_57349498. Feel free to close this if you agree, and thanks already for your time.
Related issues
https://stackoverflow.com/questions/57253593/cross-domain-state-cookie-for-oauth-using-firebase-functions-issue
[REQUIRED] Version info
10
firebase-functions:
^3.0.2
Not required
firebase-admin:
[REQUIRED] Test case
[REQUIRED] Steps to reproduce
[REQUIRED] Expected behavior
Get the same when cross domain cookies are enabled
[REQUIRED] Actual behavior
Cannot share cookie
Were you able to successfully deploy your functions?
YES
In detail
I am implementing an oAuth login for a user for the firebase platform.
All works fine except if the user has disabled cross domain cookies.
Here is what I did.
state cookie and redirects the user to the oAuth provider.
On step 3 above the function cannot read any cookie if the user has disabled the cross domain party cookies from his browser.
Both functions are on the same domain as seen below in the screenshot.
Is there any way I can remedy this issue? Am I doing something wrong in my approach?
I cannot understand why the 2 functions are treated as cross domain.