Curious - have you or anyone else had to sort out what URLs to whitelist for Firebase realtime database apps on extensions in light of the new extension policy? New Extensions policy for Content Security Policy (CSP) directives and timeline for enforcement
Looking in to this now, seemingly would need to be ws://[APP_ID].firebaseio.com for the websocket, https://[APP_ID].firebaseapp.com for any Firebase function APIs, any others?