Hi All,
Last week we shipped FxA train-73 to production, with the following
highlights:
* Lots more work on flow metrics events, including: events for sending
and clicking through account verification emails, events for doing a
password reset, finer-grained events for sign-in unblock, and a
dedicated `flow.complete` event.
* An important fix for our build pipeline to bring back subresource
integrity tags on our javscript resources.
* The content-server backend is now plugged into Sentry for collecting
and reporting errors.
* We replaced use of the `request` module with the smaller, simpler
`got` module, which we're hoping will help eliminate high memory
use on the content-server.
* A great many fixes for flaky functional tests.
* A substantial refactor of the view names and transition sequences
in our front-end code, to avoid emitting duplicate metrics with
the same name.
* Several fixes to the new "devices view", including spiffy SVG icons,
various sizing tweaks, and improved handling of blank device names.
If you don't have any mobile devices connected, this view will now
also help you get one connected.
* Support for webchannel OAuth reliers has been removed. This feature
was used by Hello to get access to encryption keys, but with that
service being decomissioned, we don't have any reason to keep it
in our codebase.
* We removed the button to open sync preferences after setting up
sync; users were finding it very confusing in practice.
* A big refactor of the way we deal with HTML escaping in our
front-end templates. To include raw HTML you now have to use a
new function `unsafeTranslate`, which only accepts variables whose
name starts with `escaped`. This will make it much harder for us
to accidentally introduce an XSS vulnerability.
* We no longer use the "crosstab" library, and instead rely on the
builtin BroadcastChannel feature to share state across tabs. This
may result in a slightly degraded experience for a small percentage
of our users who are on older versions of Firefox, but it yielded
a significant decrease in code complexity.
* The oauth-server has been updated to hapi 14, the final update that
we have pending after the migration to node v4.
* We now pass a "source_url" parameter with all subscription requests
to Basket.
Special thanks also go to the following community contributors, who have
code shipping in this train:
* Divya Biyani, who cleaned up the initialization code for auth
brokers, got the "open in webmail" button working on the reset
password page, and fixed up some styling issues in the devices view.
* Brandon Ebersohl, who fixed up a very annoying stylistic issue with
the ordering of ERRNO constants in the auth-server.
Thanks Divya and Brandon!
As always, you can find more details in the changelogs for each repo:
https://github.com/mozilla/fxa-auth-server/blob/v1.73.1/CHANGELOG.md
https://github.com/mozilla/fxa-content-server/blob/v0.73.1/CHANGELOG.md
https://github.com/mozilla/fxa-oauth-server/blob/v0.73.0/CHANGELOG.md
https://github.com/mozilla/fxa-profile-server/blob/v0.73.0/CHANGELOG.md
https://github.com/mozilla/fxa-basket-proxy/blob/v0.73.0/CHANGELOG.md
There are also detailed PR metrics included below if you're interested.
Cheers,
Ryan
------------
This train we are shipping work on the following features:
* FxA-106: signin unblock: 3 PRs (now 29 / 32 = 91% complete)
* FxA-108: update deps: 1 PRs (now 15 / 15 = 100% complete)
* FxA-15: connected apps: 1 PRs (now 7 / 10 = 70% complete)
* FxA-41: signin funnel metrics: 6 PRs (now 30 / 49 = 61% complete)
* FxA-70: KPI dashboards: 1 PRs (now 27 / 30 = 90% complete)
* FxA-89: devices view: 5 PRs (now 35 / 44 = 80% complete)
As well as 37 general quality improvements.
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
