Hi All, Last week we shipped FxA train-73 to production, with the following highlights:
* Lots more work on flow metrics events, including: events for sending and clicking through account verification emails, events for doing a password reset, finer-grained events for sign-in unblock, and a dedicated `flow.complete` event. * An important fix for our build pipeline to bring back subresource integrity tags on our javscript resources. * The content-server backend is now plugged into Sentry for collecting and reporting errors. * We replaced use of the `request` module with the smaller, simpler `got` module, which we're hoping will help eliminate high memory use on the content-server. * A great many fixes for flaky functional tests. * A substantial refactor of the view names and transition sequences in our front-end code, to avoid emitting duplicate metrics with the same name. * Several fixes to the new "devices view", including spiffy SVG icons, various sizing tweaks, and improved handling of blank device names. If you don't have any mobile devices connected, this view will now also help you get one connected. * Support for webchannel OAuth reliers has been removed. This feature was used by Hello to get access to encryption keys, but with that service being decomissioned, we don't have any reason to keep it in our codebase. * We removed the button to open sync preferences after setting up sync; users were finding it very confusing in practice. * A big refactor of the way we deal with HTML escaping in our front-end templates. To include raw HTML you now have to use a new function `unsafeTranslate`, which only accepts variables whose name starts with `escaped`. This will make it much harder for us to accidentally introduce an XSS vulnerability. * We no longer use the "crosstab" library, and instead rely on the builtin BroadcastChannel feature to share state across tabs. This may result in a slightly degraded experience for a small percentage of our users who are on older versions of Firefox, but it yielded a significant decrease in code complexity. * The oauth-server has been updated to hapi 14, the final update that we have pending after the migration to node v4. * We now pass a "source_url" parameter with all subscription requests to Basket. Special thanks also go to the following community contributors, who have code shipping in this train: * Divya Biyani, who cleaned up the initialization code for auth brokers, got the "open in webmail" button working on the reset password page, and fixed up some styling issues in the devices view. * Brandon Ebersohl, who fixed up a very annoying stylistic issue with the ordering of ERRNO constants in the auth-server. Thanks Divya and Brandon! As always, you can find more details in the changelogs for each repo: https://github.com/mozilla/fxa-auth-server/blob/v1.73.1/CHANGELOG.md https://github.com/mozilla/fxa-content-server/blob/v0.73.1/CHANGELOG.md https://github.com/mozilla/fxa-oauth-server/blob/v0.73.0/CHANGELOG.md https://github.com/mozilla/fxa-profile-server/blob/v0.73.0/CHANGELOG.md https://github.com/mozilla/fxa-basket-proxy/blob/v0.73.0/CHANGELOG.md There are also detailed PR metrics included below if you're interested. Cheers, Ryan ------------ This train we are shipping work on the following features: * FxA-106: signin unblock: 3 PRs (now 29 / 32 = 91% complete) * FxA-108: update deps: 1 PRs (now 15 / 15 = 100% complete) * FxA-15: connected apps: 1 PRs (now 7 / 10 = 70% complete) * FxA-41: signin funnel metrics: 6 PRs (now 30 / 49 = 61% complete) * FxA-70: KPI dashboards: 1 PRs (now 27 / 30 = 90% complete) * FxA-89: devices view: 5 PRs (now 35 / 44 = 80% complete) As well as 37 general quality improvements. _______________________________________________ Dev-fxacct mailing list Dev-fxacct@mozilla.org https://mail.mozilla.org/listinfo/dev-fxacct