Closed
Bug 1262892
Opened 9 years ago
Closed 8 years ago
Add origin key/value to FxA iframe src
Categories
(www.mozilla.org :: Pages & Content, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jpetto, Assigned: jpetto)
References
()
Details
Attachments
(1 file)
The FxA team is changing the way auth is handled when embedding the FxA iframe. Instead of a postMessage + ping, they will be looking at a fully qualified domain included in the src of the iframe, e.g. [current iframe src attribute]&origin=www.mozilla.org Accepted domains will be: www.mozilla.org www.allizom.org www-dev.allizom.org www-demo1.allizom.org www-demo2.allizom.org www-demo3.allizom.org www-demo4.allizom.org www-demo5.allizom.org 127.0.0.1 (for local testing - needs verification) The existing postMessage + ping auth method should remain intact while the transition takes place. When the transition has been fully completed and tested, we will remove the postMessage + ping routine. (Bug for that to come shortly.)
Assignee | ||
Comment 1•8 years ago
|
||
Work on this bug is blocked until the FxA team implements auth changes on their side. :stomlinson (or someone else from FxA?) will let us know when we need to begin work.
Comment 2•8 years ago
|
||
Thanks for the query :jpetto, I am struggling trying to get the content server portion prioritized. I'll let you know before I start.
Comment 3•8 years ago
|
||
Assigning the task to me to give me a gentle reminder that I need to get my side done before asking the Growth team to modify the firstrun page. I'll reassign to jpetto when I start.
Assignee: nobody → stomlinson
Comment 4•8 years ago
|
||
Shane - Can you please let us know your status and perhaps a timeline to completion or milestone (when you'll reassign to jpetto). Many thanks, Eric
Comment 5•8 years ago
|
||
:jpetto or Eric, could you start on this work by just adding the `origin` query parameter for now? I have started a tentative PR [1], but I need your side to land before the content server portion can be merged. [1] - https://github.com/mozilla/fxa-content-server/pull/4008
Status: NEW → ASSIGNED
Comment 6•8 years ago
|
||
:jpetto or Eric, can you let me know when the `origin` query parameter has been added? Once the content server portion lands and makes its way to prod, you'll be able to stop listening for the `ping` message.
Flags: needinfo?(jon)
Assignee | ||
Comment 7•8 years ago
|
||
:stomlinson - I've added the `origin` query param to the URL and put it on demo5 for testing [1][2]. Even though it's a pretty small change, can you verify all is as expected? Once you give the thumbs up, I'll open a PR and we'll get the change on production. Thanks! [1] https://www-demo5.allizom.org/en-US/firefox/accounts/ [2] https://www-demo5.allizom.org/en-US/firefox/48.0/firstrun/
Flags: needinfo?(jon) → needinfo?(stomlinson)
Comment 8•8 years ago
|
||
Thanks jpetto. Can you point FxA on the referenced servers to https://stomlinson.dev.lcip.org for testing? demo5 looks like it is currently set up to point at our stage environment.
Flags: needinfo?(stomlinson) → needinfo?(jon)
Assignee | ||
Comment 9•8 years ago
|
||
demo5 is now pointing to https://stomlinson.dev.lcip.org. I'm seeing a "does not permit framing" error in the console, but I'm guessing you can fix that relatively easily. Back to you!
Flags: needinfo?(jon) → needinfo?(stomlinson)
Assignee | ||
Comment 10•8 years ago
|
||
Noting for posterity that the origin parameter must contain the protocol and port (if not 80). The list of accepted origin values is: https://www.mozilla.org https://www.allizom.org https://www-dev.allizom.org https://www-demo1.allizom.org https://www-demo2.allizom.org https://www-demo3.allizom.org https://www-demo4.allizom.org https://www-demo5.allizom.org http://127.0.0.1:8111 (for local testing)
Flags: needinfo?(stomlinson)
Assignee | ||
Updated•8 years ago
|
Assignee: stomlinson → jon
Assignee | ||
Comment 11•8 years ago
|
||
Comment 12•8 years ago
|
||
Commits pushed to master at https://github.com/mozilla/bedrock https://github.com/mozilla/bedrock/commit/dc4a3932aede474cb7a80155d06130e17217a297 [fix bug 1262892] Add origin param to FxA iframe src. https://github.com/mozilla/bedrock/commit/c0a5fcaff716585b2a2fdfeceef0b82a93288b93 Merge pull request #4264 from jpetto/bug-1262892-add-origin-param-fxa-iframe [fix bug 1262892] Add origin param to FxA iframe src.
Updated•8 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•