Hi All,

This week we'll be rolling FxA train-61 to production, including the following highlights:

* The "show" buttons on the two password fields of the "change password" page no longer have their state synchronized.
* We emit a new "flow.begin" activity event at the very start of a sign-in flow, to allow better metrics on timing and completion rate.
* Some of our CSP rules have graduated from "report only" to "blocking" mode, meaning they'll trigger actual errors if violated.
* Improved scripting for ops to view and manage what is being blocked by customs-server.
* Our rate-limiting logic will no longer trigger for @restmail.net addresses, which should help avoid it triggering in the middle of QA test runs.
* The request.summary logs for /account/create and /account/login will now include the userid rather than a dummy value of "00".
* We now send a push notification to connected devices when the account password is changed or reset.
* To help work around a client-side bug that updates device metadata far more often than it should, we now check for spurious writes to the /account/device endpoint and avoid passing them on to the DB if nothing has changed.
* There's new, clearer text on the main buttons of the sign-up and choose-what-to-sync pages.
* We no longer show unactionable "session expired" errors when accessing pages with old session data.
* Fields in the resume token are now strictly validated.

As usual, you can dig into all the details and smaller changes in the changelog:

https://github.com/mozilla/fxa-content-server/blob/master/CHANGELOG.md
https://github.com/mozilla/fxa-auth-server/blob/master/CHANGELOG.md
https://github.com/mozilla/fxa-customs-server/blob/master/CHANGELOG
https://github.com/mozilla/fxa-profile-server/blob/master/CHANGELOG.md

Cheers,

Ryan

