🐛 [flutter_auth_web] Support web package v0.5.0

[davidmigloz]

Hello team,

The current constraints in flutter_auth_web for the web package are:

flutterfire/packages/firebase_auth/firebase_auth_web/pubspec.yaml

Line 22 in 376310f

web: '>=0.3.0 <0.5.0'

Which don't support the latest version of the web package (0.5.0) and, consequentially, the latest version of the http package (1.2.1).

Thanks for your work!

[darshankawar]

This will probably help to resolve flutter/flutter#143575 (comment)

/cc @Lyokone

[Lyokone]

Hi @davidmigloz,
I think you can use dependency_overrides if you want to force http 1.2.1. But the web package version is tied to the Flutter stable version.

[davidmigloz]

Make sense, thanks. Hopefully, the next Flutter stable version will bump it to 0.5.0.

For reference:
https://github.com/flutter/flutter/blob/1a7a0618a71857278dc236544e3e1269d05eaa49/packages/flutter/pubspec.yaml#L31

[ThomasAunvik]

Mentioning that this is also an issue on firebase_core_web (2.11.4).

[JgomesAT]

any schedule to add the package web 0.5.0 to the firebse core web?

[ThomasAunvik]

Regarding firebase_core_web, it seems it isn't a straightforward package override. Since that package uses web.TrustedTypePolicy, web.TrustedTypePolicyFactory. web.TrustedScriptURL and web.TrustedTypePolicyOptions directly, and I believe it is gone from web 0.5.0.

flutterfire/packages/firebase_core/firebase_core_web/lib/src/firebase_core_web.dart

Lines 104 to 136 in f24d0a7

	/// Injects a `script` with a `src` dynamically into the head of the current
	/// document.
	@visibleForTesting
	Future<void> injectSrcScript(String src, String windowVar) async {
	web.TrustedScriptURL? trustedUrl;
	final trustedTypePolicyName = _defaultTrustedPolicyName + windowVar;
	if (web.window.nullableTrustedTypes != null) {
	web.console.debug(
	'TrustedTypes available. Creating policy: $trustedTypePolicyName'.toJS,
	);
	try {
	final web.TrustedTypePolicy policy =
	web.window.trustedTypes.createPolicy(
	trustedTypePolicyName,
	web.TrustedTypePolicyOptions(
	createScriptURL: ((JSString url) => src).toJS,
	),
	);
	trustedUrl = policy.createScriptURLNoArgs(src);
	} catch (e) {
	throw TrustedTypesException(e.toString());
	}
	}
	final web.HTMLScriptElement script =
	web.document.createElement('script') as web.HTMLScriptElement;
	script.type = 'text/javascript';
	script.crossOrigin = 'anonymous';
	final stringUrl = trustedUrl != null
	// Necessary for the JS interop to work correctly on Flutter Beta 3.19.
	// ignore: unnecessary_cast
	? (trustedUrl as JSObject).callMethod('toString'.toJS)
	: src;

and

flutterfire/packages/firebase_core/firebase_core_web/lib/src/interop/package_web_tweaks.dart

Lines 16 to 38 in f24d0a7

	extension NullableTrustedTypesGetter on web.Window {
	///
	@JS('trustedTypes')
	external web.TrustedTypePolicyFactory? get nullableTrustedTypes;
	}
	/// This extension allows a trusted type policy to create a script URL without
	/// the `args` parameter (which in Chrome currently fails).
	extension CreateScriptUrlWithoutArgs on web.TrustedTypePolicy {
	///
	@JS('createScriptURL')
	external web.TrustedScriptURL createScriptURLNoArgs(
	String input,
	);
	}
	/// This extension allows setting a TrustedScriptURL as the src of a script element,
	/// which currently only accepts a string.
	extension TrustedTypeSrcAttribute on web.HTMLScriptElement {
	///
	@JS('src')
	external set srcTT(web.TrustedScriptURL value);
	}

I've opted to forking it temporarely, removing those usages, ThomasAunvik@00ef685, which you can put it in dependency_overrides (use #12353 (comment) suggestion instead)

[nilsreichardt]

This issue is blocked by the web package because the version 0.5.0 doesn't support TrustedTypePolicyFactory and TrustedTypePolicy , which are used in firebase_core.

@kevmoo already created a PR (#173) for this (thanks! ❤️ ), which was merged two weeks ago. However, the Dart team hasn't released a new version for web which would include the required changes.

As a workaround, you can overwrite the web dependency to use the latest commit (dart-lang/web@d96c01d) of the web package:

dependency_overrides:
  # Is required to be able to build the app using Flutter 3.19. Can be removed
  # when firebase_core uses web >= 0.5.1.
  web:
    git:
      url: https://github.com/dart-lang/web/
      ref: d96c01d2252372c9e0fa7ffa52d2d1df331c248b

[kevmoo]

@nilsreichardt – keep in mind, you can ALWAYS just copy-paste code to get yourself unblocked.

All of the types are erased. Just be careful about imports so you don't get name collisions when the feature DOES land.