Identity/Firefox Accounts/Meeting Notes/2016 04 25 Web
< Identity | Firefox Accounts | Meeting Notes
Jump to navigation
Jump to search
2016-04-25: Monday Web Coordination
Today's Theme: Items that should be cut from train.
[ RECORDED ] WHO: jbuck, jrgm, pb, st, rfeeley, vladikoff, vbudhram
From last time:
- Wiki for meeting notes set up: https://wiki.mozilla.org/Identity/Firefox_Accounts/Meeting_Notes
- node-uap push to stomlinson's fork: done \o/
Discuss:
- re-confirm email
- auth-server:
- Tons of failing tests, changing passwords, etc, updating to handle sign in verification
- Adding documentation for api updates
- content-server:
- stomlinson hacked together an auth server that allowed token verification, functional tests being added.
- auth mailer
- "If you suspect that someone is trying to gain access to your account, please __take these precautions now__."
- Is there an existing SUMO link to use? If not, we either need the content written or to change the text/remove the link.
- rfeeley to find the correct SUMO page.
- https://support.mozilla.org/en-US/kb/im-having-problems-with-my-firefox-account👍
- auth-server:
- Enable CSP
- https://github.com/mozilla/fxa-content-server/pull/3627
- I do not believe we can have two "reportOnly" CSP rules as requested.
- Maybe if `reportOnly` is set in config, only add the "blocking" rules, and make those reportOnly?
- maybe CSP on/off instead?
- flow.begin event
- old pr closed: https://github.com/mozilla/fxa-content-server/pull/3619
- new pr opened: https://github.com/mozilla/fxa-content-server/pull/3683
- stomlinson on the hook to review
- Groundwork has been done to validate data coming from ResumeTokens (thanks Phil!)
- handle async invalid token on signin
- force_auth issues: https://github.com/mozilla/fxa-content-server/issues/3680