Identity/Firefox Accounts/Meeting Notes/2016 04 25 Web
From MozillaWiki
< Identity | Firefox Accounts | Meeting Notes
2016-04-25: Monday Web Coordination
Today's Theme: Items that should be cut from train.
[ RECORDED ] WHO: jbuck, jrgm, pb, st, rfeeley, vladikoff, vbudhram
From last time:
- Wiki for meeting notes set up: https://wiki.mozilla.org/Identity/Firefox_Accounts/Meeting_Notes
- node-uap push to stomlinson's fork: done \o/
Discuss:
- re-confirm email
- auth-server:
- Tons of failing tests, changing passwords, etc, updating to handle sign in verification
- Adding documentation for api updates
- content-server:
- stomlinson hacked together an auth server that allowed token verification, functional tests being added.
- auth mailer
- "If you suspect that someone is trying to gain access to your account, please __take these precautions now__."
- Is there an existing SUMO link to use? If not, we either need the content written or to change the text/remove the link.
- rfeeley to find the correct SUMO page.
- https://support.mozilla.org/en-US/kb/im-having-problems-with-my-firefox-accountđ
- auth-server:
- Enable CSP
- https://github.com/mozilla/fxa-content-server/pull/3627
- I do not believe we can have two "reportOnly" CSP rules as requested.
- Maybe if `reportOnly` is set in config, only add the "blocking" rules, and make those reportOnly?
- maybe CSP on/off instead?
- flow.begin event
- old pr closed: https://github.com/mozilla/fxa-content-server/pull/3619
- new pr opened: https://github.com/mozilla/fxa-content-server/pull/3683
- stomlinson on the hook to review
- Groundwork has been done to validate data coming from ResumeTokens (thanks Phil!)
- handle async invalid token on signin
- force_auth issues: https://github.com/mozilla/fxa-content-server/issues/3680
