Closed Bug 1248671 Opened 7 years ago Closed 6 years ago

[tracker] Sign recipes using Content-Signature

Categories

(Shield :: General, defect, P2)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: osmose, Unassigned)

References

Details

Since we're shipping bits of code to Firefox, we want to sign the code before we send it. We'll probably be using the autograph service to help with this: https://github.com/mozilla-services/autograph
Content-Signature is an HTTP header. S3 doesn't allow us to set headers they don't know about. S3 doesn't support Content-Signature.

Because of that, we will have to drop the idea of serving actions directly out of S3 if we need to sign them using the standard header. The other option is probably to make Django do it either as a normal view or by extending Whitenoise. We can still put the actions behind a heavily caching CDN. The responses are static, just more complex than we can convince S3 to serve.
Depends on: 1249050
Component: SHIELD → General
Product: Websites → Normandy
Depends on: 1269905
Summary: Sign actions using Content-Signature → [tracker] Sign actions using Content-Signature
Depends on: 1270618
Depends on: 1258806
Blocks: 1275996
No longer blocks: 1248648
Priority: -- → P2
This landed on master in PR #222

https://github.com/mozilla/normandy/pull/222
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Summary: [tracker] Sign actions using Content-Signature → [tracker] Sign recipes using Content-Signature
You need to log in before you can comment on or make changes to this bug.