How does Firebase handle cross origin issues?

Question

Looking through the Firebase FAQ I can't see how cross domain issues are handled. Obviously, we don't want to serve on the Firebase domain, is it CORS, hidden iFrame, other? Would we need to create a sub-domain that points at the IP of the sharing server?

Answer 1

Let me answer this question in two parts, as there are multiple ways to communicate with the Firebase Servers.

• Firebase JavaScript Client - The Firebase Javascript Client maintains a real-time bidirectional connection to the server. Under the covers, this uses WebSockets whenever possible (which have no limitations with regard to cross-origin connections) and falls back to hidden-iframe-based jsonp long-polling on older browsers (which sidesteps cross-origin issues by only doing requests).
• Firebase REST API - You can also get / set data from Firebase using the REST API, which uses CORS to allow cross-origin requests.

So in summary, it should "just work" and you don't need to do anything special.