Fix CSP for Firebase, speculatively

There's a good chance this will run into problems when the database comes back online.
But it would be best to move away from Firebase anyways.

.vscode/settings.json

@@ -110,6 +110,7 @@
 		"Faroese",
 		"fieldsets",
 		"firebaseapp",
+		"firebaseio",
 		"Fiteny",
 		"fliph",
 		"flippable",

index.html

@@ -4,13 +4,15 @@
 		<meta charset="utf-8">
 		<title>JS Paint</title>
 
-		<!-- This should mirror CSP in electron-main.js -->
+		<!-- This should mirror CSP in electron-main.js, except maybe for firebase stuff. -->
+		<!-- Firebase stuff is somewhat speculative, as the quota is exceeded as I'm adding this. -->
 		<meta http-equiv="Content-Security-Policy" content="
 			default-src 'self';
+			script-src 'self' https://jspaint.firebaseio.com;
 			style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
 			img-src 'self' data: blob: https://i.postimg.cc;
 			font-src 'self' https://fonts.gstatic.com;
-			connect-src * data: blob:;
+			connect-src * data: blob: https://jspaint.firebaseio.com wss://jspaint.firebaseio.com;
 		">
 
 		<link href="styles/normalize.css" rel="stylesheet" type="text/css">

src/electron-main.js

@@ -131,7 +131,7 @@ const createWindow = () => {
 				// connect-src needs data: for loading from localStorage,
 				// and maybe blob: for loading from IndexedDB in the future.
 				// (It uses fetch().)
-				// Note: this should mirror the CSP in index.html.
+				// Note: this should mirror the CSP in index.html, except maybe for firebase stuff.
 				"Content-Security-Policy": [`
 					default-src 'self';
 					style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;

src/sessions.js

@@ -209,25 +209,27 @@
 				this.start();
 			};
 			if (!MultiUserSession.fb_root) {
-				$.getScript("lib/firebase.js")
-					.done(() => {
-						const config = {
-							apiKey: "AIzaSyBgau8Vu9ZE8u_j0rp-Lc044gYTX5O3X9k",
-							authDomain: "jspaint.firebaseapp.com",
-							databaseURL: "https://jspaint.firebaseio.com",
-							projectId: "firebase-jspaint",
-							storageBucket: "",
-							messagingSenderId: "63395010995"
-						};
-						firebase.initializeApp(config);
-						MultiUserSession.fb_root = firebase.database().ref("/");
-						on_firebase_loaded();
-					})
-					.fail(() => {
-						show_error_message("Failed to load Firebase; the document will not load, and changes will not be saved.");
-						file_name = `[Failed to load ${this.id}]`;
-						update_title();
-					});
+				var script = document.createElement("script");
+				script.addEventListener("load", () => {
+					const config = {
+						apiKey: "AIzaSyBgau8Vu9ZE8u_j0rp-Lc044gYTX5O3X9k",
+						authDomain: "jspaint.firebaseapp.com",
+						databaseURL: "https://jspaint.firebaseio.com",
+						projectId: "firebase-jspaint",
+						storageBucket: "",
+						messagingSenderId: "63395010995"
+					};
+					firebase.initializeApp(config);
+					MultiUserSession.fb_root = firebase.database().ref("/");
+					on_firebase_loaded();
+				});
+				script.addEventListener("error", () => {
+					show_error_message("Failed to load Firebase; the document will not load, and changes will not be saved.");
+					file_name = `[Failed to load ${this.id}]`;
+					update_title();
+				});
+				script.src = "lib/firebase.js";
+				document.head.appendChild(script);
 			}
 			else {
 				on_firebase_loaded();