Closed
Bug 741484
Opened 13 years ago
Closed 13 years ago
Make https configurable for in-app payment postback URLs
Categories
(addons.mozilla.org Graveyard :: API, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
6.5.0
People
(Reporter: kumar, Assigned: kumar)
References
Details
When the Marketplace server posts JWTs to app servers for in-app payments (bug 703083), those URLs need to be https in production and/or http in development. We may want to allow http in prod but that needs discussion (it's easier for developers but less secure). JWTs will always be signed just not encrypted.
|
Assignee | |
Updated•13 years ago
|
|
||
Comment 1•13 years ago
|
||
I'm not sure what the action on this bug is, but glad you do :)
Priority: -- → P2
|
|
Assignee | |
Comment 2•13 years ago
|
||
It might need more thought/discussion but for starters I was thinking: 1. on prod we have a read-only checkbox indicating that the URL *must* be SSL accessible. 2. on dev we have a working checkbox where they can toggle SSL on/off while developing.
|
|
Assignee | |
Updated•13 years ago
|
Priority: P2 → P1
|
|
Assignee | |
Comment 3•13 years ago
|
||
Fixed: https://github.com/mozilla/zamboni/commit/ee11dd4 devs can only configure their app with a non-SSL link when INAPP_REQUIRE_HTTPS is False in settings.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•