-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(push): update default open-uri push ttl #18054
base: main
Are you sure you want to change the base?
Conversation
// Assign a default TTL for well-known commands if a request didn't specify it. | ||
const DEFAULT_COMMAND_TTL = new Map([ | ||
['https://identity.mozilla.com/cmd/open-uri', 30 * 24 * 3600], // 30 days | ||
['https://identity.mozilla.com/cmd/open-uri', MAX_PUSH_TTL], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How are we going to document max TTL's other systems have to ensure we don't set this too high (since we now know that FCM needs 28 days)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we allow others to set that value? (It's not mentioned on https://mozilla.github.io/ecosystem-platform/relying-parties/how-tos/device-registration at least.)
I can move the clamping of that value farther down into the function that calls webpush to send the notification.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The FCM value sounds fine to config for this, is there anywhere else we aren't using the MAX_PUSH_TTL?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean these values https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/lib/push.js#L67-L71 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant are there any other spots like the one in this PR that hardcoded a TTL vs. using a constant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, not that I can find. The one value not that based on a constant is the one in the payload of /account/devices/notify'
. The payload validation enforces a min of 0 but no max. So clamping would help there.
Because the 30 days ttl is now too large.