Add extension package that strips external JS loading

[NhienLam]

Add an Extension package for developers to use when building a Chrome extension app.

This package strips the external JS loading to avoid violating Chrome Web Store's policy about remotely hosted code.
https://developer.chrome.com/docs/extensions/develop/migrate/improve-security#remove-remote-code

[changeset-bot]

⚠️ No Changeset found

Latest commit: 26634a4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[google-oss-bot]

Size Report ¹

Affected Products

• @firebase/auth

  Type	Base (895d0cf)	Merge (0c5a2d7)	Diff
  browser	177 kB	177 kB	+639 B (+0.4%)
  cordova	205 kB	205 kB	-100 B (-0.0%)
  esm5	230 kB	231 kB	+756 B (+0.3%)
  main	174 kB	174 kB	-88 B (-0.1%)
  module	177 kB	177 kB	+639 B (+0.4%)
  react-native	194 kB	194 kB	+163 B (+0.1%)

• @firebase/auth/cordova

  Type	Base (895d0cf)	Merge (0c5a2d7)	Diff
  browser	205 kB	205 kB	-100 B (-0.0%)
  module	205 kB	205 kB	-100 B (-0.0%)

• @firebase/auth/internal

  Type	Base (895d0cf)	Merge (0c5a2d7)	Diff
  browser	188 kB	188 kB	+639 B (+0.3%)
  esm5	244 kB	244 kB	+756 B (+0.3%)
  main	211 kB	210 kB	-84 B (-0.0%)
  module	188 kB	188 kB	+639 B (+0.3%)

• @firebase/auth/web-extension

  Type	Base (895d0cf)	Merge (0c5a2d7)	Diff
  browser	?	133 kB	? (?)
  main	?	148 kB	? (?)
  module	?	133 kB	? (?)

• bundle

  Type	Base (895d0cf)	Merge (0c5a2d7)	Diff
  auth (Anonymous)	73.7 kB	73.8 kB	+41 B (+0.1%)
  auth (EmailAndPassword)	81.6 kB	82.0 kB	+442 B (+0.5%)
  auth (GoogleFBTwitterGitHubPopup)	100 kB	101 kB	+437 B (+0.4%)
  auth (GooglePopup)	97.6 kB	98.1 kB	+437 B (+0.4%)
  auth (GoogleRedirect)	97.8 kB	98.3 kB	+437 B (+0.4%)
  auth (Phone)	84.0 kB	84.4 kB	+420 B (+0.5%)

• firebase

  Type	Base (895d0cf)	Merge (0c5a2d7)	Diff
  firebase-auth-compat.js	136 kB	137 kB	+385 B (+0.3%)
  firebase-auth-cordova.js	174 kB	174 kB	-75 B (-0.0%)
  firebase-auth-web-extension.js	?	114 kB	? (?)
  firebase-auth.js	147 kB	147 kB	+537 B (+0.4%)
  firebase-compat.js	780 kB	780 kB	+385 B (+0.0%)

Test Logs

• Base (895d0cf): https://github.com/firebase/firebase-js-sdk/actions/runs/7631109424
• Merge (0c5a2d7): https://github.com/firebase/firebase-js-sdk/actions/runs/7647051599

1. https://storage.googleapis.com/firebase-sdk-metric-reports/AAxpMIin1V.html

[google-oss-bot]

Size Analysis Report ¹

This report is too large (92,343 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.

Test Logs

• Base (895d0cf): https://github.com/firebase/firebase-js-sdk/actions/runs/7631109424
• Merge (0c5a2d7): https://github.com/firebase/firebase-js-sdk/actions/runs/7647051599

1. https://storage.googleapis.com/firebase-sdk-metric-reports/LOM9Rct2bN.html

[hsubox76]

So sorry this is so complicated but you'll have to add the firebase entry points as well. That means, make a copy of the packages/firebase/cordova directory (index.ts and package.json), and add an entry in packages/firebase/package.json copying cordova here: https://github.com/firebase/firebase-js-sdk/blob/master/packages/firebase/package.json#L74. These can be an exact copy of cordova (with the word "extension") subbed in as it's all self-referencing within packages/firebase and not related to the bundles and paths you have created within the auth package. So you don't have to worry about extension-cjs and extension-esm2017 etc.

[NhienLam]

Thanks Christina! I addressed your comments and added an extension entry point to firebase/auth.

[prameshj]

LGTM except for a couple of small comments.

[prameshj]

nit: maybe call this "chrome-extension"? extension would be interpreted to mean it is some additional auth functionality.

[NhienLam]

Ack. Renamed 'extension' to 'chrome-extension' here and other places (including folders' names). Thanks!

[patrickkettner]

web-extension would be the preferred nomenclature. Since I presume we would want these to work in firefox and safari

[NhienLam]

While Firebase Auth only supports Chrome extensions currently, I changed it to 'web-extension' in case we support other web extensions in the future. Thanks!

[patrickkettner]

absolutely understand, appreciate the update

[prameshj]

session storage does not work in chrome extension(https://developer.chrome.com/docs/extensions/reference/api/storage#usage only mentions local storage and doesn't recommend it). we could remove this.

[NhienLam]

Ack. Removed.

[patrickkettner]

FWIW - you can't use localStorage by default, since it doesn't exist in service workers, but you can use chrome.storage, which does have session storage.

[renkelvin]

Is ?render= needed?

[NhienLam]

Yes, I copied the exact url from https://github.com/firebase/firebase-js-sdk/blob/master/packages/auth/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.ts#L35.

The full url we need to pass in _loadJS is 'https://www.google.com/recaptcha/enterprise.js?render=SITE-KEY'.

So if we remove '?render=' from here, we will have to update this line to be

url += '?render=' + siteKey;