Hi All,

This week we are shipping FxA train-72 to production, with the
following highlights:

  * A major refactor of our "flow events" infrastructure,
    which will hopefully make them more reliable and easier
    to use, and thus encourage us to pursue more detailed
    flow metrics going forward.

  * The "signin unblock" feature, which allows users who are
    blocked by rate-limiting or other security measures to
    complete an email confirmation loop to unblock themselves,
    and continue with their login attempt.

  * The auth-server and content-server now support HTTP Public
    Key Pinning, letting us add another layer of security and
    integrity to the code we deliver at runtime.

  * We now include a VAPID identification header when sending
    push messages, to allow the push server team to gather more
    accurate metrics.

  * Our confirmation emails no longer include the text-only
    "Alternatively" link.  It was too big and too distracting,
    and very few people were actually clicking on it.

  * Our CSP rules now ban all <object>s in addition to other
    potential nasties that aren't used by our code.

  * We've continued the ES6-ification of our codebase by
    using object shorthand for method function definitions,
    replacing all `var self=this` with fat arrow functions,
    and using const in a whole lot more places.

  * The customs-server will ship with a third-party IP blocklist
    enabled in metrics-gathering mode.  This should produce some
    preliminary metrics on whether we can get value from such lists.

Along with an even-higher-than-usual number of test fixes, quality
improvements, and refactors.

Special thanks also go to Divya Biyani who has continued to contribute
quality fixes this train, including:

  * Adding more text to the "incorrect password" error message,
    to prompt users to try the "show" button.

  * Improving consistency and readability of the text in various
    messages and buttons.

Thanks Divya!


As always, you can find more details in the changelogs for each repo:

  https://github.com/mozilla/fxa-auth-server/blob/v1.72.0/CHANGELOG.md
  https://github.com/mozilla/fxa-auth-mailer/blob/v1.72.0/CHANGELOG.md
  https://github.com/mozilla/fxa-content-server/blob/v0.72.1/CHANGELOG.md
  https://github.com/mozilla/fxa-customs-server/blob/v0.72.0/CHANGELOG


There are also detailed PR metrics included below if you're interested.


  Cheers,

    Ryan



------------

This train we are shipping work on the following features:

  * FxA-105: ip blocklist:          2 PRs (now   5 /  6 =  83% complete)
  * FxA-106: signin unblock:        6 PRs (now  24 / 31 =  77% complete)
  * FxA-108: update deps:           1 PRs (now  13 / 14 =  93% complete)
  * FxA-41: signin funnel metrics:  2 PRs (now  24 / 40 =  60% complete)
  * FxA-89: devices view:           1 PRs (now  30 / 44 =  68% complete)

As well as 29 general quality improvements.
