Skip to content

FedCM: GSI_LOGGER warning appears even when not using deprecated prompt UI status methods #1431

New issue
New issue
Open
Open
FedCM: GSI_LOGGER warning appears even when not using deprecated prompt UI status methods#1431
@wobsoriano

Description

@wobsoriano
wobsoriano
opened on Feb 5, 2026

I'm migrating to FedCM for Google One Tap and have encountered two issues:

Issue 1: Warning appears even when not using deprecated methods

The browser console shows this warning:

[GSI_LOGGER]: Your client application uses one of the Google One Tap prompt UI status methods that may stop functioning when FedCM becomes mandatory. Refer to the migration guide to update your code accordingly and opt-in to FedCM to test your changes. Learn more: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#display_moment and https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment

However, I am not using any of the deprecated methods listed in the migration guide (isDisplayMoment(), isDisplayed(), isNotDisplayed(), getNotDisplayedReason()). My code only uses getMomentType() which is not listed as deprecated:

google.accounts.id.initialize({
  client_id: 'YOUR_CLIENT_ID',
  callback: handleCredentialResponse,
  use_fedcm_for_prompt: true,
});

google.accounts.id.prompt((notification) => {
  if (notification.getMomentType() === 'skipped') {
    console.log('User skipped');
  }
});

The warning also appears when using isSkippedMoment() which is listed as "partially supported" in the migration guide.

Questions:

  1. Why does the warning appear when not using deprecated methods?
  2. Is getMomentType() deprecated? If so, please add it to the migration guide.
  3. Is passing any callback to prompt() considered deprecated? Passing a callback to prompt() triggers the warning.

Issue 2: FedCM CORS error on localhost

When testing with use_fedcm_for_prompt: true on localhost, selecting an account in the One Tap prompt results in a CORS error:

Image

Configuration:

  • http://localhost:5173 and http://localhost are added to Authorized JavaScript Origins in Google Cloud Console
  • OAuth consent screen is properly configured
  • The same code works correctly when deployed to a production HTTPS domain (e.g., Vercel)

Expected behavior: FedCM should work on localhost for local development, similar to how the legacy One Tap works.

Actual behavior: FedCM fails with CORS error on localhost but works on deployed HTTPS domains (vercel).

Is localhost supported with FedCM? If not, this should be documented in the migration guide.

This is happening in Chrome 144+

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions