Firebase Authentication, Authorized Domains, and subdomains that start with a digit...
781 views
Skip to first unread message
Tracy Hall
Feb 12, 2021, 7:14:33 PM2/12/21
to Firebase Google Group
I've already solved this (hence why the question is so specific) but thought it would be worth sharing....
I use codesandbox a lot in developing Firestore-based React apps, and ran into an "interesting" issue. When Codesandbox forks a project, it generates a pseudo-random domain to allow for testing - so, you may see the project called lumininous-fraternity-df7gxk, and the built app will deploy at df7gxk.csb.app .
Where it gets fun is sometimes the generated sub-domain will START with a digit - for example, 2omvk.csb.app (real case)
I found out the hard way that Firebase Auth does NOT accept that as a sub-domain. the *exact same code*, forked again so that the sub-domain does *not* start with a digit, works fine.
Easy fix, obviously, just fork again. But it took a bit of sleuthing (and, well, 40 years of experience with weird problems) to speculate that *that* was the problem, and try the solution.
Just sharing... If any Firebasers think this is a new issue, I'll file a bug report...
Tracy Hall
Michael Bleigh
Feb 12, 2021, 7:22:04 PM2/12/21
to Firebase Google Group
Hi Tracy, thanks for the report!
In a very, very technical sense Firebase Auth is correct here. According to the RFC 1034 standard, domains:
must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. There are also some restrictions on the length. Labels must be 63 characters or less.
In practice, many browsers and other user agents support domains that start with a number. My personal take is this falls into a grey zone as to whether it's a bug or not. Firebase Auth is requiring a "valid" domain name, but some "invalid" domain names appear and can be used in practice. I'll leave it up to you if you want to report it further :)
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/d8dc0a56-2831-4619-9427-6acca19d6c96n%40googlegroups.com.
Alex Kostyukov
Nov 16, 2023, 3:42:41 PM11/16/23
to Firebase Google Group
Hi, Michael according to https://www.ietf.org/rfc/rfc1123.txt which updates rfc1123 and rfc952 in a very, very technical sense every domain software MUST support domains starting with digit.
2.1 Host Names and Numbers
The syntax of a legal Internet host name was specified in RFC-952
[DNS:4]. One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit. Host software MUST support this more liberal
syntax.
And even if we not look to all this RFC from 1985-1990y at 2023 if your software doesn't support a domains starting with a digit it looks like a buggy solution
The syntax of a legal Internet host name was specified in RFC-952
[DNS:4]. One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit. Host software MUST support this more liberal
syntax.
And even if we not look to all this RFC from 1985-1990y at 2023 if your software doesn't support a domains starting with a digit it looks like a buggy solution
Reply all
Reply to author
Forward
0 new messages