Closed Bug 975214 Opened 6 years ago Closed 6 years ago

"Disable" Hawk timestamp and nonce checking

Categories

(Cloud Services :: Server: Sync, defect)

defect
Not set

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: rfkelly, Assigned: rfkelly)

Details

(Whiteboard: [qa?])

Attachments

(1 file)

(copy of https://github.com/mozilla/fxa-auth-server/issues/578)

This isn't buying us that much and there's reason to believe it's causing failures and retries. Let's put it in "warn" mode for now and measure what's going on:

    Set the time window to something large, e.g., 20 years
    Disable the nonce replay checks
    Log all timestamp deltas so we can build a distribution of these deltas
This is relevant to my interests. Please subscribe me to your newsletter.
This patch creates a PermissiveNonceCache class that will not actually check the timestamps or nonces, just log them if they seem to be too highly skewed.
Attachment #8379456 - Flags: review?(telliott)
Whiteboard: [qa?]
Attachment #8379456 - Flags: review?(telliott) → review+
https://github.com/mozilla-services/mozservices/commit/d037cab18cbf1635b2da12847dd06660afd7a0ea
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Any QA required here or just a code fix verification?
Code fix verification fine here, additional verification discussion in Bug 975001
Verified in code.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.