Closed
Bug 770746
Opened 12 years ago
Closed 11 years ago
Put verifier on same domain as marketplace
Categories
(Cloud Services :: Operations: Marketplace, task)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: kumar, Assigned: jason)
References
Details
The receipt verifier is currently at https://receiptcheck.marketplace.mozilla.org/verify, let's move it to https://marketplace.mozilla.org/verify (or something on the marketplace domain). Any issues with that? This move will allow us to do same-origin receipt verification which greatly enhances the integrity of the receipt check process. In short it allows us to match verifier URLs to installs_allowed_from domains in app manifests. Details in bug 770666
Comment 1•12 years ago
|
||
Once we've got it mapped to a new URL, we just need to change: https://marketplace-dev.allizom.org/en-US/admin/settings#webapps_receipt_url ... to that new URL. When the old domain is removed or when the libraries enforce the new domain, all users will need to get new receipts, this will break all old receipts. I don't think that's a big issue right now.
Comment 2•11 years ago
|
||
Being on its own domain gives us hosting (read: distributed servers) advantages and makes SLA requirements easier. Jeremy or Mark: do you have input from an IT point of view?
Comment 3•11 years ago
|
||
Yes, it's best if receiptcheck is on its own domain if this service has its own special SLA requirements.
Comment 4•11 years ago
|
||
Actually if it's a subdomain of marketplace.firefox.com that's fine too. We'll change the docs to say a domain or subdomain of the issuer.
Comment 5•11 years ago
|
||
We can definitely do a subdomain of marketplace.firefox.com.
Comment 6•11 years ago
|
||
That would be great. Let's do that.
Comment 7•11 years ago
|
||
Andy - would you and oremj work together to make whatever changes you want? thanks :)
Updated•11 years ago
|
Assignee: nobody → server-ops-infra
Component: Payments/Refunds → Server Operations: Infrastructure
Product: Marketplace → mozilla.org
QA Contact: jdow
Version: 1.0 → other
Comment 8•11 years ago
|
||
The settings on prod currently have this as: https://receiptcheck.marketplace.firefox.com/verify/ However I can't resolve that: [836583] zamboni $ curl https://receiptcheck.marketplace.firefox.com/verify/ curl: (6) Could not resolve host: receiptcheck.marketplace.firefox.com; nodename nor servname provided, or not known I can resolve: https://receiptcheck.marketplace.mozilla.org/verify/ If we move that to marketplace.firefox.com, and fix the error, we'll have it in the subdomain and we can close this bug.
Comment 9•11 years ago
|
||
This is a high priority for us
Assignee | ||
Updated•11 years ago
|
Assignee: server-ops-infra → server-ops-amo
Component: Server Operations: Infrastructure → Server Operations: AMO Operations
QA Contact: jdow → oremj
Assignee | ||
Updated•11 years ago
|
Assignee: server-ops-amo → jthomas
Assignee | ||
Comment 10•11 years ago
|
||
This requires a nginx and dns modification. We already have the SSL cert for receiptcheck.marketplace.firefox.com configured. I would like to do this change sometime today.
Assignee | ||
Comment 11•11 years ago
|
||
I will do this at 2PM today.
Assignee | ||
Comment 12•11 years ago
|
||
Done. Please verify.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 13•11 years ago
|
||
Seems to work, we'll find out more when payments are on in prod, thanks.
Status: RESOLVED → VERIFIED
Updated•10 years ago
|
Component: Server Operations: AMO Operations → Operations: Marketplace
Product: mozilla.org → Mozilla Services
You need to log in
before you can comment on or make changes to this bug.
Description
•