Guard against isSecureContext not being present

firebase · Mar 21, 2024 · 939a060 · 939a060
1 parent bf2070d
commit 939a060
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/packages/auth/src/platform_browser/index.ts b/packages/auth/src/platform_browser/index.ts
@@ -91,7 +91,11 @@ export function getAuth(app: FirebaseApp = getApp()): Auth {
 
   const authTokenSyncPath = getExperimentalSetting('authTokenSyncURL');
   // Only do the Cookie exchange in a secure context
-  if (authTokenSyncPath && isSecureContext) {
+  if (
+    authTokenSyncPath &&
+    typeof isSecureContext === 'boolean' &&
+    isSecureContext
+  ) {
     // Don't allow urls (XSS possibility), only paths on the same domain
     const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
     if (location.origin === authTokenSyncUrl.origin) {