brave-browser: [Desktop] Can't sign in with firebase website with shields up

Description

We use Firebase for sign in with GitHub on EricElliottJS.com. I’m unable to sign in with shields up in Brave. It works great with shields down.

Steps to Reproduce

Go to EricElliottJS.com and click “sign in” in the upper right hand corner.
Make sure you have shields up.
Click “Sign In with GitHub”

Actual result:

{
  code: "auth/web-storage-unsupported",
  message: "This browser is not supported or 3rd party cookies and data may be disabled."
}

Expected result:

Delegated authentication is a common way to improve security and user privacy by reducing the available attack surface for nefarious collectors of usernames and passwords. I hope we can figure out how to enable commonly used authentication methods and still protect user privacy.

Reproduces how often:

Easily reproduced.

Brave version (brave://version info)

0.65.120 Chromium: 75.0.3770.90 (Official Build) (64-bit)

Revision | a6dcaf7e3ec6f70a194cc25e8149475c6590e025-refs/branch-heads/3770@{#1003} OS | Mac OS X

Version/Channel Information:

Don’t know. Don’t have time to check.

Can you reproduce this issue with the current release?
Can you reproduce this issue with the beta channel?
Can you reproduce this issue with the dev channel?
Can you reproduce this issue with the nightly channel?

Other Additional Information:

Does the issue resolve itself when disabling Brave Shields? Yes.
Does the issue resolve itself when disabling Brave Rewards? Don’t know.
Is the issue reproducible on the latest version of Chrome? No.

Miscellaneous Information:

P.S. Using Brave as my default browser. Looking good. I have high hopes for the future of Brave and the BAT ecosystem.

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 2
Comments: 30 (6 by maintainers)

Commits related to this issue

Firebase fix, brave/brave-browser#5075 — committed to ryanbr/referrer-whitelist by ryanbr 5 years ago

Most upvoted comments

~I’m seeing this now even with shields down. Signing in with Chrome works great.~

Just installed and tried it with Brave Version 0.70.121 Chromium: 78.0.3904.70 (Official Build) (64-bit)

Works with shields down.
Does not work with shields up.

ericelliott on Oct 25, 2019

closed with https://github.com/brave/brave-core/pull/5952

pes10k on Jun 26, 2020

We’ve just made a change to how we modify the referrer on cross-origin POST requests (https://github.com/brave/brave-core/pull/5613). This might address the underlying issue here.

Would anybody be able to test again using Brave Nightly?

fmarier on Jun 15, 2020

No idea if this helps, but here’s a specific error message I recently got showing that seemingly all requests from ‘googleapis.com’ are blocked when shields are up. The site in question does use Firebase for authentication.

I just ran into this today, discovered that Brave changes the referer header on the request to googleapis.com (instead of myapp.com), so the referer restriction on the API key fails. See https://console.developers.google.com/apis/credentials under “Website restrictions”. I’m just going to catch this error and show a message to the user explaining what’s happening, unless anyone has any other ideas?

alexlouden on Jan 15, 2020

Nope. I don’t even see the option. Hopefully I’m not missing some important detail here.

Screen Shot 2020-01-09 at 18 22 39

Screen Shot 2020-01-09 at 18 30 30

aormsby on Jan 9, 2020

Closed, fixed by above commit.

rebron on Jul 5, 2019

Seems to have fixed itself

ryanbr on Jul 2, 2019