mozilla-releng / balrog

Mozilla's Update Server
http://mozilla-balrog.readthedocs.io/en/latest/index.html
Mozilla Public License 2.0

use canonical json form for signed responses #1112

Open bhearsum opened 4 years ago

bhearsum commented 4 years ago

Currently, we don't have any guarantees that our JSON responses will be bit-for-bit the same for the same request. This means that any time the response format changes, we'll have to generate additional, possibly unnecessary, signatures (because we use the hashed, dumped-to-a-string, json as our cache key).

Something like https://github.com/Kinto/kinto-signer/blob/master/kinto_signer/canonicaljson.py or https://pypi.org/project/canonicaljson/.

Thanks to glasserc for the idea and pointers.

(Imported from https://bugzilla.mozilla.org/show_bug.cgi?id=1590609)

Raven49 commented 1 year ago

Kindly assign this task to me

bhearsum commented 1 year ago

Hi, please feel free to work on the issue and open a PR when you feel it is ready.

michellemounde commented 1 year ago

Could I have more info about this issue? @bhearsum @gabrielBusta Could you provide the file(s) where the changes should be made?

bhearsum commented 1 year ago

This issue boils down to the fact that the JSON responses we return are not deterministic: it is possible that we may return exactly the same data but in a different order for different requests.

Fixing it requires ensuring the response object is built deterministically, probably by using one of the linked libraries.

jcristau commented 11 months ago

Reopening because the fix in #3035 had to be reverted in #3058.

Changing json.dumps to canonicaljson.encode_canonical_json changed a text string to a byte string, which when passed to make_hash returns a bogus hash, and thus causes us to end up with a bogus signature.
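The two points raised in this thread, that equal data must serialize to identical bytes before it is hashed or signed, and that a canonical encoder returning `bytes` breaks a hash helper written for `str`, can be shown together. The following is an added example written for this discussion; it is not Balrog's code, and the helper names (`canonical_dumps`, `make_hash`, `make_hash_str_only`, `response_cache_key`), the sample responses and the str()-coercion behaviour of the hypothetical str-only hasher are all assumptions made for illustration. It uses the standard-library `json` module with sorted keys and no insignificant whitespace rather than either of the linked libraries.

```python
"""Deterministic (canonical) JSON encoding for signing and cache keys.

Added example for this issue thread; not Balrog's code. The helper names
are constructed for illustration, and the canonical rules applied here
(sorted keys, no insignificant whitespace, UTF-8 bytes) are the common
ones rather than any specific library's exact output.
"""
import hashlib
import json
from typing import Any, Union


def canonical_dumps(obj: Any) -> bytes:
    """Serialize obj so that equal data always produces identical bytes."""
    text = json.dumps(
        obj,
        sort_keys=True,           # key order no longer depends on insertion order
        separators=(",", ":"),    # drop insignificant whitespace
        ensure_ascii=False,       # emit UTF-8 directly instead of \u escapes
        allow_nan=False,          # NaN/Infinity are not valid JSON; fail loudly
    )
    return text.encode("utf-8")


def make_hash(data: Union[str, bytes]) -> str:
    """Hex SHA-384 over the bytes of data, accepting either str or bytes.

    Normalizing here is what avoids the str-vs-bytes mismatch described in
    the thread: a helper that assumed str input would either raise on bytes
    or, if it coerced with str(), hash the repr "b'...'" instead of the payload.
    """
    if isinstance(data, str):
        data = data.encode("utf-8")
    return hashlib.sha384(data).hexdigest()


def make_hash_str_only(data: str) -> str:
    """Hypothetical str-only hasher that coerces with str(): wrong for bytes input."""
    return hashlib.sha384(str(data).encode("utf-8")).hexdigest()


def response_cache_key(response: Any) -> str:
    """Cache key / signing input for a JSON response: hash of its canonical form."""
    return make_hash(canonical_dumps(response))


# Constructed sample responses: the same data, built in different key orders.
RESPONSE_A = {"name": "Firefox-100.0-build1", "schema_version": 9,
              "platforms": {"Linux_x86_64-gcc3": {"buildID": "20220101000000"}}}
RESPONSE_B = {"platforms": {"Linux_x86_64-gcc3": {"buildID": "20220101000000"}},
              "schema_version": 9, "name": "Firefox-100.0-build1"}


def demo() -> dict:
    """Compare naive vs canonical serialization and the bytes/str hashing pitfall."""
    canon = canonical_dumps(RESPONSE_A)
    return {
        # Default json.dumps keeps insertion order, so equal data differs as text.
        "naive_equal": json.dumps(RESPONSE_A) == json.dumps(RESPONSE_B),
        # Canonical form is identical regardless of how the dict was built.
        "canonical_equal": canonical_dumps(RESPONSE_A) == canonical_dumps(RESPONSE_B),
        # A hasher that normalizes to bytes gives one answer for bytes or str input.
        "bytes_vs_str_same_hash": make_hash(canon) == make_hash(canon.decode("utf-8")),
        # A str-only hasher fed bytes silently produces a different (bogus) hash.
        "str_only_hasher_bogus": make_hash_str_only(canon) != make_hash(canon),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    print("cache key:", response_cache_key(RESPONSE_A))
```

The detail worth keeping from this thread is that the encoder's return type is part of the contract: whichever canonical encoder is chosen, the hash helper should accept exactly that type (or normalize both, as `make_hash` does above) so that a swapped-in encoder cannot change the signed bytes unnoticed.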