Add the Firebase mandatory URLS to the new default CSP for Extensions
In order to provide the best experience through extensions, we have users identified in external systems, using Twitch Ids and / or Oauth.
To do so, we use Firebase authentication.
Problem is, Firebase natively uses 2 urls that cannot be modified / personalized:
https://securetoken.googleapis.com/v1/
https://www.googleapis.com/identitytoolkit/v3/
Those URLs are used to verify / produce / refresh tokens in an API way.
Is it possible to add those URLs to the default CSP or have them fulfill the CSP rule, to be able to keep up with our extensions ?
Thanks !
-
While we cannot add these URLs to the global, default CSP list for all Extensions, both of these URLs are acceptable as entries in the allowlists under an Extensions capabilities tab.
There was a recent discussion about these URLs in the Discord Sever at the following link. If your Extension was previously not approved because of these URLs, please resubmit for review. Some ambiguity regarding the Google APIs URI have been solved.
https://discord.com/channels/504015559252377601/523676096277905419/978387190579085362