Treat www.firefox.com like www.mozilla.org (#241)

Author: willdurand

attributioncode/validator.go

@@ -17,8 +17,8 @@ import (
 
 // pre-compile regex
 var (
-	mozillaOrg = regexp.MustCompile(`^https://www.mozilla.org/`)
-	rtamo      = regexp.MustCompile(`^rta:`)
+	referrerAllowedforRTAMO = regexp.MustCompile(`^https://www\.(mozilla\.org|firefox\.com)/`)
+	rtamo                   = regexp.MustCompile(`^rta:`)
 )
 
 // Set to match https://searchfox.org/mozilla-central/rev/a92ed79b0bc746159fc31af1586adbfa9e45e264/browser/components/attribution/AttributionCode.jsm#24
@@ -208,11 +208,11 @@ func (v *Validator) Validate(code, sig, refererHeader string) (*Code, error) {
 	}
 
 	if attributionCode.FromRTAMO() {
-		refererMatch := mozillaOrg.MatchString(refererHeader)
+		refererMatch := referrerAllowedforRTAMO.MatchString(refererHeader)
 
 		if !refererMatch {
-			logEntry.WithField("referer", refererHeader).Error("RTAMO attribution does not have https://www.mozilla.org referer header")
-			return nil, errors.New("RTAMO attribution does not have https://www.mozilla.org referer header")
+			logEntry.WithField("referer", refererHeader).Error("Invalid referer header for RTAMO attribution")
+			return nil, errors.New("Invalid referer header for RTAMO attribution")
 		}
 	}
 

attributioncode/validator_test.go

@@ -98,6 +98,22 @@ func TestValidateAttributionCode(t *testing.T) {
 			ExpectedClientID:  "(not set)",
 			ExpectedSessionID: "",
 		},
+		{
+			// source=addons.mozilla.org&medium=referral&campaign=amo-fx-cta-3006&content=rta:e2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0&experiment=(not set)&variation=(not set)&ua=edge&visit_id=(not set)
+			In:                "c291cmNlPWFkZG9ucy5tb3ppbGxhLm9yZyZtZWRpdW09cmVmZXJyYWwmY2FtcGFpZ249YW1vLWZ4LWN0YS0zMDA2JmNvbnRlbnQ9cnRhOmUySTVaR0l4Tm1FMExUWmxaR010TkRkbFl5MWhNV1kwTFdJNE5qSTVNbVZrTWpFeFpIMCZleHBlcmltZW50PShub3Qgc2V0KSZ2YXJpYXRpb249KG5vdCBzZXQpJnVhPWVkZ2UmdmlzaXRfaWQ9KG5vdCBzZXQp",
+			Out:               "campaign%3Damo-fx-cta-3006%26content%3Drta%253Ae2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0%26dltoken%3D__DL_TOKEN__%26experiment%3D%2528not%2Bset%2529%26medium%3Dreferral%26source%3Daddons.mozilla.org%26ua%3Dedge%26variation%3D%2528not%2Bset%2529",
+			RefererHeader:     "https://www.firefox.com/",
+			ExpectedClientID:  "(not set)",
+			ExpectedSessionID: "",
+		},
+		{
+			// source=addons.mozilla.org&medium=referral&campaign=amo-fx-cta-3006&content=rta:e2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0&experiment=(not set)&variation=(not set)&ua=edge&visit_id=(not set)
+			In:                "c291cmNlPWFkZG9ucy5tb3ppbGxhLm9yZyZtZWRpdW09cmVmZXJyYWwmY2FtcGFpZ249YW1vLWZ4LWN0YS0zMDA2JmNvbnRlbnQ9cnRhOmUySTVaR0l4Tm1FMExUWmxaR010TkRkbFl5MWhNV1kwTFdJNE5qSTVNbVZrTWpFeFpIMCZleHBlcmltZW50PShub3Qgc2V0KSZ2YXJpYXRpb249KG5vdCBzZXQpJnVhPWVkZ2UmdmlzaXRfaWQ9KG5vdCBzZXQp",
+			Out:               "campaign%3Damo-fx-cta-3006%26content%3Drta%253Ae2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0%26dltoken%3D__DL_TOKEN__%26experiment%3D%2528not%2Bset%2529%26medium%3Dreferral%26source%3Daddons.mozilla.org%26ua%3Dedge%26variation%3D%2528not%2Bset%2529",
+			RefererHeader:     "https://www.firefox.com/test/other/paths",
+			ExpectedClientID:  "(not set)",
+			ExpectedSessionID: "",
+		},
 		{
 			// campaign=testcampaign&content=testcontent&experiment=exp1&medium=testmedium&source=mozilla.com&timestamp=1670358814&variation=var1&visit_id=vid
 			In:            "Y2FtcGFpZ249dGVzdGNhbXBhaWduJmNvbnRlbnQ9dGVzdGNvbnRlbnQmZXhwZXJpbWVudD1leHAxJm1lZGl1bT10ZXN0bWVkaXVtJnNvdXJjZT1tb3ppbGxhLmNvbSZ0aW1lc3RhbXA9MTY3MDM1ODgxNCZ2YXJpYXRpb249dmFyMSZ2aXNpdF9pZD12aWQ.",
@@ -225,10 +241,22 @@ func TestValidateAttributionCode(t *testing.T) {
 		},
 		{
 			"c291cmNlPWFkZG9ucy5tb3ppbGxhLm9yZyZtZWRpdW09cmVmZXJyYWwmY2FtcGFpZ249YW1vLWZ4LWN0YS0zMDA2JmNvbnRlbnQ9cnRhOmUySTVaR0l4Tm1FMExUWmxaR010TkRkbFl5MWhNV1kwTFdJNE5qSTVNbVZrTWpFeFpIMCZleHBlcmltZW50PShub3Qgc2V0KSZ2YXJpYXRpb249KG5vdCBzZXQpJnVhPWVkZ2UmdmlzaXRfaWQ9KG5vdCBzZXQp", // source=addons.mozilla.org&medium=referral&campaign=amo-fx-cta-3006&content=rta:e2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0&experiment=(not set)&variation=(not set)&ua=edge&visit_id=(not set)
-			"RTAMO attribution does not have https://www.mozilla.org referer header",
+			"Invalid referer header for RTAMO attribution",
 			"",
 			"https://invalid-referer.fake",
 		},
+		{
+			"c291cmNlPWFkZG9ucy5tb3ppbGxhLm9yZyZtZWRpdW09cmVmZXJyYWwmY2FtcGFpZ249YW1vLWZ4LWN0YS0zMDA2JmNvbnRlbnQ9cnRhOmUySTVaR0l4Tm1FMExUWmxaR010TkRkbFl5MWhNV1kwTFdJNE5qSTVNbVZrTWpFeFpIMCZleHBlcmltZW50PShub3Qgc2V0KSZ2YXJpYXRpb249KG5vdCBzZXQpJnVhPWVkZ2UmdmlzaXRfaWQ9KG5vdCBzZXQp", // source=addons.mozilla.org&medium=referral&campaign=amo-fx-cta-3006&content=rta:e2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0&experiment=(not set)&variation=(not set)&ua=edge&visit_id=(not set)
+			"Invalid referer header for RTAMO attribution",
+			"",
+			"https://www-mozilla.org",
+		},
+		{
+			"c291cmNlPWFkZG9ucy5tb3ppbGxhLm9yZyZtZWRpdW09cmVmZXJyYWwmY2FtcGFpZ249YW1vLWZ4LWN0YS0zMDA2JmNvbnRlbnQ9cnRhOmUySTVaR0l4Tm1FMExUWmxaR010TkRkbFl5MWhNV1kwTFdJNE5qSTVNbVZrTWpFeFpIMCZleHBlcmltZW50PShub3Qgc2V0KSZ2YXJpYXRpb249KG5vdCBzZXQpJnVhPWVkZ2UmdmlzaXRfaWQ9KG5vdCBzZXQp", // source=addons.mozilla.org&medium=referral&campaign=amo-fx-cta-3006&content=rta:e2I5ZGIxNmE0LTZlZGMtNDdlYy1hMWY0LWI4NjI5MmVkMjExZH0&experiment=(not set)&variation=(not set)&ua=edge&visit_id=(not set)
+			"Invalid referer header for RTAMO attribution",
+			"",
+			"https://www-firefox.com",
+		},
 	}
 	for _, c := range invalidCodes {
 		_, err := v.Validate(c.In, c.Sig, c.RefererHeader)

stubservice/stubhandlers/stubhandler_test.go

@@ -235,6 +235,16 @@ func TestRedirectFull(t *testing.T) {
 			ExpectedClientIDGA4: "some-client-id-for-ga4",
 			ExpectedSessionID:   "some-session-id",
 		},
+		{
+			// Same as above with fxc as referer.
+			AttributionCode:     `campaign=fxa-cta-123&content=rta:value&medium=referral&source=addons.mozilla.org&visit_id=some-visit-id&client_id_ga4=some-client-id-for-ga4&session_id=some-session-id`,
+			Referer:             `https://www.firefox.com/`,
+			ExpectedLocation:    `/cdn/builds/rtamo-firefox-stub/en-US/win/`,
+			ExpectedCode:        `campaign%3Dfxa-cta-123%26content%3Drta%253Avalue%26dltoken%3D[\w\d-]+%26medium%3Dreferral%26source%3Daddons.mozilla.org`,
+			ExpectedClientID:    "some-visit-id",
+			ExpectedClientIDGA4: "some-client-id-for-ga4",
+			ExpectedSessionID:   "some-session-id",
+		},
 		{
 			// We expect no prefix because the attribution data is not related to
 			// RTAMO.