Feedback for “Quickstart with Firebase Auth”

[RobbySingh]

I received a rejection notification for my Chrome extension with the following error:

Violation(s):

Violation reference ID: [Blue Argon](https://developer.chrome.com/docs/webstore/troubleshooting/#additional-requirements-for-manifest-v3)

Technical Requirements - Additional Requirements for Manifest V3:

Violation:
Including remotely hosted code in a Manifest V3 item.
Violating Content:
Code snippet: options.a5514780.js: https://www.google.com/recaptcha/api.js,https://apis.google.com/js/api.js

It looks to have been caused by the firebase/auth package, which has code that injects a <script> that points to the Google recaptcha URLs above.

As of November 9, 2023 (firebase/firebase-js-sdk#7766), the firebase team has added a "firebase/auth/web-extension" path that should be used instead, acting as a drop-in replacement.

The page (https://docs.plasmo.com/quickstarts/with-firebase-authentication) uses an example with the "firebase/auth" package. I'm filing this feedback issue to suggest that it should probably be updated to use firebase/auth/web-extension instead.

Additionally, how hard would it be to perform a validation in plasmo to see if the built code has injected scripts? Almost like a pre-screen validation check at build-time. Maybe a warning