Closed
Bug 1489294
Opened 6 years ago
Closed 6 years ago
Device registration failing due to explicit port number in pushCallback URL
Categories
(Firefox :: Firefox Accounts, enhancement)
Firefox
Firefox Accounts
Tracking
()
RESOLVED
FIXED
People
(Reporter: rfkelly, Unassigned)
Details
In latest Nightly, it appears that Firefox Account device registration is sometimes sending a request body like this:
{
"name": "example",
"type": "desktop",
"pushCallback": "https://updates.push.services.mozilla.com:443/wpush/v1/XXXX",
"pushPublicKey": "YYYY",
"pushAuthKey": "ZZZZ",
"availableCommands": {}
}
The pushCallback url is including an explicit port number :443 even though that's the default port for the protocol.
The FxA server applies some checking to the pushCallback URL to ensure that it's talking to an actual push server:
https://github.com/mozilla/fxa-auth-server/blob/master/config/index.js#L756
And the regex involved does not expect an explicit port number:
/^https:\/\/[a-zA-Z0-9._-]+(\.services\.mozilla\.com|autopush\.dev\.mozaws\.net|autopush\.stage\.mozaws\.net)(\/.*)?$/
So this device registration attempt will fail.
I'm not sure what's changed in cause Firefox to send the explicit port number here, and it seems worth investigating on the client-side. But we should also adjust the server-side regex to allow these registrations through.
|
||
Comment 1•6 years ago
|
||
For some reason this is also happening in Stable for me, so could be some PushServer thing?
Gonna try to patch it on the FxA auth side
|
Reporter | |
Comment 2•6 years ago
|
||
Ben, could this sudden appearance of the port number in the URL be explained by a push-server change?
Flags: needinfo?(bbangert)
|
|
Reporter | |
Comment 3•6 years ago
|
||
FxA server fix here: https://github.com/mozilla/fxa-auth-server/pull/2612
|
||
Comment 4•6 years ago
|
||
Our rust push service was including the ports regardless of the URL scheme. A fix is landing to address this that can go out during the next deploy (https://github.com/mozilla-services/autopush-rs/pull/74). We could rush this fix if needed.
Flags: needinfo?(bbangert)
|
|
Reporter | |
Comment 5•6 years ago
|
||
ni? myself to confirm fix once update it deployed
Flags: needinfo?(rfkelly)
|
||
Comment 6•6 years ago
|
||
Also, Firefox's URL parser automatically normalizes URLs, so it'll strip default ports. We use it to validate the URL, but then store the original form that we got from the server: https://searchfox.org/mozilla-central/rev/6201a9e0067cf6af118c6a99ae9314b8ceb2c4d5/dom/push/PushServiceWebSocket.jsm#626,635
Do you think it's worth fixing in the client, too, or is the server-side fix sufficient?
|
|
Reporter | |
Comment 7•6 years ago
|
||
> Do you think it's worth fixing in the client, too, or is the server-side fix sufficient?
FWIW, I think fixing on the server-side is sufficient.
> ni? myself to confirm fix once update it deployed
IIUC from chat scrollback, it looks like the initial fix didn't work, but :vladikoff and :stomlinson worked up fix to the fix that did. Thanks both! Device registration seems to be working correctly now so I'm going to close this out.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(rfkelly)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•