Closed
Bug 957632
Opened 10 years ago
Closed 10 years ago
Zippy should not return an array as the top level data structure
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: scolville, Assigned: davidbgk)
References
Details
A GET to sellers looks to return a list rather than an object. We should be using an object always as the top level data structure.
|
||
Comment 1•10 years ago
|
||
This applies to more than sellers, see also bug 948240. Zippy should never hit front ends who can manipulate arrays (the reason you return objects). Is returning a list of sellers, buyers etc actually useful? Bango and Paypal don't allow that and I'm not sure why we'd ever want to use that. A simpler approach might just be to remove any listing methods. Since zippy is just a reference implementation, removing the security sensitive flag.
Group: client-services-security
See Also: → 948240
|
Assignee | |
Comment 2•10 years ago
|
||
We could prepend while(1); like Google does: https://stackoverflow.com/questions/2669690/why-does-google-prepend-while1-to-their-json-responses
|
||
Comment 3•10 years ago
|
||
if this is changed in Zippy, be careful not to break curling's get_object : https://github.com/andymckay/curling/blob/master/curling/lib.py#L217
|
|
||
Comment 4•10 years ago
|
||
Oh that's terrible, lets not do that. I'll repeat my point, don't do listings. Remove code remove docs :)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → david
|
|
Assignee | |
Comment 5•10 years ago
|
||
Alright, I'll remove all listing capabilities.
|
|
||
Updated•10 years ago
|
Priority: -- → P4
|
|
Assignee | |
Comment 6•10 years ago
|
||
https://github.com/mozilla/zippy/commit/483f3aee331675ad696acf530ca9a1fbe19a1d29
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
|
||
Comment 7•10 years ago
|
||
We can't remove listings entirely because we use them to look up objects. Since the patch broke lookups and broke solitude/samples/zippy-basic.py I reverted. https://github.com/mozilla/zippy/commit/246e171fbaca968c590f60a27ba52eb801e80977 Besides zippy-basic.py, we need GET products for https://github.com/mozilla/webpay/blob/master/lib/solitude/api.py#L251 and we need GET sellers for https://github.com/mozilla/webpay/blob/master/lib/solitude/api.py#L333
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 8•10 years ago
|
||
Do we ever need more than one object returned? That means we keep GETs and we return one object, we just don't do the listings.
|
|
Assignee | |
Comment 9•10 years ago
|
||
I agree that those queries are based on lists just to retrieve a particular object, what about modifying curling instead?
|
|
Assignee | |
Updated•10 years ago
|
Priority: P4 → P2
|
|
||
Comment 10•10 years ago
|
||
We will need to list all seller products for the upcoming in-app purchase manager: bug 956334 When we remove list outputs we should fix curling for sanity: bug 959780
|
|
Assignee | |
Comment 11•10 years ago
|
||
https://github.com/mozilla/zippy/commit/f3a6393ee9a30bd1c10dc86eaeee06da39e4487d
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•