To use Firebase Authentication in a web app, you must whitelist the domains that the Firebase Authentication servers can redirect to after signing in a user.
By default, localhost and your Firebase project's hosting domain are whitelisted. You must whitelist the full domain names of any other of your web app's hosts. Note: whitelisting a domain allows for requests from any URL and port of that domain.