If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Enable generic config to override captchas

VERIFIED FIXED

Status

Cloud Services
Server: Core
VERIFIED FIXED
6 years ago
6 years ago

People

(Reporter: telliott, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 553863 [details] [diff] [review]
Adds an override to our central captcha lib.

For automated testing on stage, we should have the ability to include a header (now defined as 'X-Captcha-Override') that will short-circuit the captcha requirement if a key is defined and matches.
Attachment #553863 - Flags: review?(tarek)
Much appreciated. This will be a big help to QA.
Comment on attachment 553863 [details] [diff] [review]
Adds an override to our central captcha lib.

Looks good but since you are introducing a new header name, it makes the old version deprecated.

see X-Weave-Secret at http://docs.services.mozilla.com/reg/apis.html and its implementation at reg.

So if not done here, we need to add a new bug in order to deprecate the old secret stuff we have
Attachment #553863 - Flags: review?(tarek) → review+
(Reporter)

Comment 3

6 years ago
Yes, that's intentional. It's another remove-Weave-names from the system (plus, this one is just more descriptive).

We can't remove X-Weave-Secret without an API bump, so I'm planning to leave it in place until we get to that point. The redundancy is OK for now.
(In reply to Toby Elliott [:telliott] from comment #3)
> Yes, that's intentional. It's another remove-Weave-names from the system
> (plus, this one is just more descriptive).

ok

> 
> We can't remove X-Weave-Secret without an API bump, so I'm planning to leave
> it in place until we get to that point. The redundancy is OK for now.

Yes that's fine, as long as our stage servers use a single config way.

The funny thing is, IIRC, it was missing from the API doc and we've added it lately :)
Is there a status on this bug?
Do we still need this for Stage or any QA env for that matter?
this exists already, afaik.

we don't have captcha on in stage right now b/c of firewall issues and lack of proxy support, but when it's on, we can configure a shared secret for sign-up loadtests that bypass the captcha.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.