[tracker] Sign recipes using Content-Signature

RESOLVED FIXED

Status

Product: Shield
Component: General
Priority: P2
Severity: normal
Status: RESOLVED FIXED
Reported: 2 years ago
Modified: 2 years ago

People

(Reporter: mkelly, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
Since we're shipping bits of code to Firefox, we want to sign the code before we send it. We'll probably be using the autograph service to help with this: https://github.com/mozilla-services/autograph
Content-Signature is an HTTP header. S3 doesn't allow us to set headers they don't know about. S3 doesn't support Content-Signature.

Because of that, we will have to drop the idea of serving actions directly out of S3 if we need to sign them using the standard header. The other option is probably to make Django do it either as a normal view or by extending Whitenoise. We can still put the actions behind a heavily caching CDN. The responses are static, just more complex than we can convince S3 to serve.

Updated

2 years ago
Depends on: 1249050
(Assignee)

Updated

2 years ago
Component: SHIELD → General
Product: Websites → Normandy

Updated

2 years ago
Depends on: 1269905

Updated

2 years ago
Summary: Sign actions using Content-Signature → [tracker] Sign actions using Content-Signature

Updated

2 years ago
Depends on: 1270618

Updated

2 years ago
Depends on: 1258806
(Reporter)

Updated

2 years ago
Blocks: 1275996
No longer blocks: 1248648

Updated

2 years ago
Priority: -- → P2
This landed on master in PR #222

https://github.com/mozilla/normandy/pull/222
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Summary: [tracker] Sign actions using Content-Signature → [tracker] Sign recipes using Content-Signature