feat(be): Remove compile time feature flags and simplify CSP #3705
Merged
Pull request overview
This PR removes obsolete compile-time feature flags from the Internet Identity backend canister and simplifies HTTP security headers (notably CSP) to reflect that the backend no longer serves executable web assets.
Changes:
- Simplified backend `security_headers` API and replaced the prior dynamic CSP generator with a fixed `default-src 'none'` policy.
- Removed HTML inline-script integrity hash extraction and related test logic from backend asset initialization.
- Removed the `dummy_captcha`/`dev_csp` feature declarations from the backend crate.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `src/internet_identity/src/http.rs` | Updates `security_headers` signature and simplifies CSP response header generation. |
| `src/internet_identity/src/assets.rs` | Removes integrity-hash extraction and uses shared headers from `security_headers` when certifying assets. |
| `src/internet_identity/src/anchor_management/registration/captcha.rs` | Removes feature-gated dummy captcha generation, leaving only the random captcha implementation. |
| `src/internet_identity/Cargo.toml` | Removes the backend crate's `[features]` section (including `dummy_captcha` and `dev_csp`). |
The feature flags were removed from Cargo.toml but the build scripts, Dockerfile, and CI workflow still referenced them, causing build failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…y_captcha
- Make v1 register endpoint respect CaptchaDisabled config (matching v2 behavior)
- Change default test captcha config to CaptchaDisabled since dummy_captcha feature is gone
- Fix captcha-specific tests to explicitly install with CaptchaEnabled
- Restore II_DUMMY_CAPTCHA env var for frontend vite builds (still needed as build-time env var)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
With the removal of the dummy_captcha feature, real captchas cannot be solved in tests. Increase the dynamic captcha threshold so that registration rate metric testing can complete without triggering unsolvable captchas. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tion rates test With current_rate window of 10s and reference_rate window of 100s, the current/reference rate ratio is ~10x, requiring threshold_pct >= 900 to avoid triggering captcha during the test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The backend CSP was simplified to 'default-src none;' by this PR, but the test helper still expected the old detailed CSP. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This test tracks challenge removal from the inflight pool, which requires captcha to be enabled so that check_challenge is called during registration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Install with CaptchaDisabled for the 25 base registrations, then upgrade to Dynamic captcha config. This avoids triggering unsolvable captchas during the setup phase. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ha test Install with threshold_pct=1000 (high enough to prevent captcha during setup), register 25 base identities to establish rate data, then upgrade to threshold_pct=20 to verify captcha triggers at higher registration rates. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
sea-snake approved these changes Mar 26, 2026
Motivation
The compile-time feature flags (`dummy_captcha` and `dev_csp`) are now obsolete in the II backend. This PR removes them as a step towards reducing the build flavors to 1.

This also required simplifying the content security policy to reflect that there are no executable assets (e.g., HTML or JS) served by this canister anymore.

Changes
Feature flag removal
- `dummy_captcha` and `dev_csp` Cargo features from `Cargo.toml`
- `--features dummy_captcha` / `--features dev_csp` from `scripts/build`, `Dockerfile`, `scripts/docker-build`, and CI workflow
- `dfx.json` build commands and `scripts/test-canisters.sh`
- `II_DUMMY_CAPTCHA` as a vite env var for the frontend build (still used by the frontend to register test dapp data)

CSP simplification
- `default-src 'none';` since the backend canister no longer serves executable assets
- `integrity_hashes` parameter from `security_headers()` and inline script extraction logic from `assets.rs`
- `content_security_policy_header()` function entirely

Runtime captcha configuration
- `register` endpoint respect the `CaptchaDisabled`/`CaptchaTrigger::Dynamic` config (previously it always validated captcha, relying on the compile-time `dummy_captcha` feature)
- `captcha_required()` between v1 and v2 registration flows

Test updates
- `arg_with_wasm_hash`) to `CaptchaDisabled` since `dummy_captcha` is no longer available to make captcha solvable in tests
- `arg_with_captcha_enabled()` helper for tests that specifically test captcha behavior
- `CaptchaEnabled`
- `verify_security_headers` to match the simplified CSP
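As an added illustration of what a check for the simplified policy can assert (this is not code from the PR or from the Internet Identity repository), the sketch below parses a `Content-Security-Policy` value and confirms that no fetch directive loosens `default-src 'none'`. The function names `parse_csp`, `is_lockdown` and `uncovered` and the sample header values are assumptions made for the example.

```rust
// Added example: not code from the Internet Identity repository.
use std::collections::BTreeMap;

/// Parse a CSP header value into directive name -> source list.
/// As in the CSP parsing rules, a repeated directive is ignored (first wins).
fn parse_csp(value: &str) -> BTreeMap<String, Vec<String>> {
    let mut out = BTreeMap::new();
    for part in value.split(';') {
        let mut tokens = part.split_ascii_whitespace();
        let name = match tokens.next() {
            Some(n) => n.to_ascii_lowercase(),
            None => continue, // empty segment, e.g. after a trailing ';'
        };
        out.entry(name)
            .or_insert_with(|| tokens.map(str::to_string).collect::<Vec<String>>());
    }
    out
}

fn only_none(srcs: &[String]) -> bool {
    srcs.len() == 1 && srcs[0].eq_ignore_ascii_case("'none'")
}

/// Ok if every fetch directive present (default-src included) is exactly 'none'.
fn is_lockdown(value: &str) -> Result<(), String> {
    let csp = parse_csp(value);
    if !csp.get("default-src").map_or(false, |s| only_none(s)) {
        return Err("default-src must be exactly 'none'".to_string());
    }
    for (name, srcs) in &csp {
        let fetch = name.ends_with("-src") || name.ends_with("-src-elem") || name.ends_with("-src-attr");
        if fetch && !only_none(srcs) {
            return Err(format!("{} re-enables sources blocked by default-src", name));
        }
    }
    Ok(())
}

/// Directives that never fall back to default-src and are absent from the policy.
fn uncovered(value: &str) -> Vec<&'static str> {
    let csp = parse_csp(value);
    ["base-uri", "form-action", "frame-ancestors"].iter().copied()
        .filter(|d| !csp.contains_key(*d)).collect()
}

fn main() {
    // Constructed sample values, not captured from the canister.
    for v in ["default-src 'none';", "default-src 'none'; script-src 'self'"].iter() {
        println!("{:?} -> {:?}, unset: {:?}", v, is_lockdown(v), uncovered(v));
    }
}
```

`uncovered` is informational: `base-uri`, `form-action` and `frame-ancestors` are not governed by `default-src`, which matters little for responses that carry no HTML but is worth knowing when reusing the same header set elsewhere.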