FG
๐Ÿ’ป Software๐Ÿ”Œ APIs & SDKsGoogle

Chrome Web Store Team complains a Violation: My Extension (Cancelly.ca) is injecting the enterprise.js externally from the Google API in the src/index.js file.

Fresh3 days ago
Mar 14, 20260 views
Confidence Score59%
59%

Problem

Operating System macOS Ventura 13.5 Browser Version 116.0.5845.179 (Official Build) (arm64) Firebase SDK Version ^10.1.0 Firebase SDK Product: Auth Describe your project's tooling I am using this https://github.com/JohnBra/vite-web-extension Describe the problem Following code after the build generates minified files containing URLs with enterprise.js so the Chrome Web Store Team complains of a violation. [code block] Steps and code to reproduce issue Defined in the problem.

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix โ€“ Awaiting Verification

Remove External Injection of enterprise.js from Build Process

Medium Risk

The build process of the extension is inadvertently including the 'enterprise.js' script from the Google API due to the Firebase SDK configuration or the way dependencies are bundled in the Vite setup. This can happen if the Firebase SDK is not properly configured to exclude certain scripts or if the build process does not correctly handle external dependencies.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Update Firebase SDK Configuration

    Ensure that the Firebase SDK is configured to not include external scripts like 'enterprise.js'. This can be done by checking the imports in your code and ensuring that only the necessary Firebase modules are imported.

    typescript
    import { initializeApp } from 'firebase/app';
import { getAuth } from 'firebase/auth'; // Only import necessary modules
  2. 2

    Modify Vite Configuration

    Update the Vite configuration to exclude any external scripts during the build process. This can be done by adding a configuration option to prevent the inclusion of unwanted scripts.

    javascript
    export default defineConfig({
  build: {
    rollupOptions: {
      external: ['enterprise.js'], // Exclude enterprise.js
    }
  }
});
  3. 3

    Check for Unused Dependencies

    Run a dependency audit to check for any unused or unnecessary dependencies that might be pulling in 'enterprise.js'. Remove any such dependencies to clean up the project.

    bash
    npm audit --production
npm prune
  4. 4

    Rebuild the Extension

    After making the above changes, rebuild the extension to ensure that the changes take effect and that 'enterprise.js' is no longer included in the output files.

    bash
    npm run build
  5. 5

    Test the Build Output

    Inspect the generated build files to confirm that 'enterprise.js' is no longer present. You can do this by searching the output directory for the script.

    bash
    grep -r 'enterprise.js' dist/

Validation

Confirm that the build output no longer contains references to 'enterprise.js' by checking the minified files in the 'dist' directory. Additionally, verify that the extension functions correctly without the external script.

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

firebasegooglesdkapi:-authquestion