Closed
Bug 741484
Opened 13 years ago
Closed 13 years ago
Make https configurable for in-app payment postback URLs
Categories
(addons.mozilla.org Graveyard :: API, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
6.5.0
People
(Reporter: kumar, Assigned: kumar)
References
Details
When the Marketplace server posts JWTs to app servers for in-app payments (bug 703083), those URLs need to be https in production and/or http in development. We may want to allow http in prod but that needs discussion (it's easier for developers but less secure). JWTs will always be signed just not encrypted.
Assignee | ||
Updated•13 years ago
|
Comment 1•13 years ago
|
||
I'm not sure what the action on this bug is, but glad you do :)
Priority: -- → P2
Assignee | ||
Comment 2•13 years ago
|
||
It might need more thought/discussion but for starters I was thinking: 1. on prod we have a read-only checkbox indicating that the URL *must* be SSL accessible. 2. on dev we have a working checkbox where they can toggle SSL on/off while developing.
Assignee | ||
Updated•13 years ago
|
Priority: P2 → P1
Assignee | ||
Comment 3•13 years ago
|
||
Fixed: https://github.com/mozilla/zamboni/commit/ee11dd4 devs can only configure their app with a non-SSL link when INAPP_REQUIRE_HTTPS is False in settings.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•