bug 1567320: add support for funnel_experiment and funnel_variation a… #95
Conversation
attributioncode/validator.go
Outdated
| if len(unEscapedCode) > 200 { | ||
| logEntry.WithField("code_len", len(code)).Error("code longer than 200 characters") | ||
| return "", errors.New("code longer than 200 characters") | ||
| if len(unEscapedCode) > 400 { |
There was a problem hiding this comment.
We've talked about increasing this to e.g. 600 or 800 to make sure we can accommodate a long UA string if needed.
There was a problem hiding this comment.
Making a length increase should be fine long term as long as we keep in mind there are existing Firefox releases that reject attribution over 200 characters: https://hg.mozilla.org/releases/mozilla-release/file/2c8be14a89c92e56dbfc10ad32284e628a517a93/browser/components/attribution/AttributionCode.jsm#l24
There was a problem hiding this comment.
I thought the size limitation had something to do with the stub installer.
There was a problem hiding this comment.
I have a patch that increases the length firefox accepts: https://phabricator.services.mozilla.com/D57906
attributioncode/validator.go
Outdated
| "funnel_experiment": true, | ||
| "funnel_variation": true, |
There was a problem hiding this comment.
@mixedpuppy just making sure, on windows, the expected keys have no funnel_? https://hg.mozilla.org/releases/mozilla-release/file/2c8be14a89c92e56dbfc10ad32284e628a517a93/browser/components/attribution/AttributionCode.jsm#l66
There was a problem hiding this comment.
We should aim for consistency here. funnel_ is not adding anything to these parameters. If Firefox expects experiment and variation, then we should plan on those being sent all the way from the start. Bedrock work hasn't begun, so we can get this in.
There was a problem hiding this comment.
IIRC funnel_ was requested. On windows portions are stripped somewhere along the way to reduce data size I think, but they are not for osx (which doesn't work anyway, I noticed Mardak comment on some bug about using the quarantine data, that's what we tried).
There was a problem hiding this comment.
Looks like this was the last comment in the firefox bug re: prefix or not:
https://bugzilla.mozilla.org/show_bug.cgi?id=1515172#c37
This seems to say the url may contain "utm_" and "funnel_" that then end up getting stripped before stored as attribution.
Looking at the AttributionCode.jsm logic, it does seem to support "utm_" and "funnel_" and no-prefix for url-based attribution for mac while on windows, it only wants the stripped versions, e.g., "source" "medium" as before and the new "experiment"
There was a problem hiding this comment.
prefixed is supported of osx. non-prefixed is for windows. The stub installer is limited to 200 characters.
There was a problem hiding this comment.
prefixed is supported of osx. non-prefixed is for windows. The stub installer is limited to 200 characters.
Let's walk backwards:
- does telemetry require any particular param format?
- does the stub binary require any particular param format?
- can we simplify to avoid different behavior per platform?
Since we're working on the stubattribution service here, presumably we can plan to support those requirements.
And since we're working on Bedrock in mozilla/bedrock#7474, we can plan to support them there, too.
Where, specifically, is the constraint? In https://bugzilla.mozilla.org/show_bug.cgi?id=1406005#c49, mhowell says the stub binary is limited to 1010. In this PR, we can see that it was limited to 200, and is now set to 400, and I'm requesting 600-800. Are there any other hard constraints to be aware of?
There was a problem hiding this comment.
I've no opinions here, just attempting to relay what I can remember (hopefully relatively accurate) from when I looked at this last...
I didn't run into anything with specific limits/formats in the telemetry data.
To my knowledge the windows stub binary wouldn't require any specific format. The download service that builds the stub might, and IIRC that is a) where the prefix is stripped, b) has a hard coded list of what keys are allowed into the stub.
I'd verify in current code what the current limit is. Seems like 1000 as mentioned should be enough.
osx attributions (if a workaround is ever figured out) happen via the quarantine database, so the param keys are unchanged from whatever the referrer url was. That is why the service tries to support both with/without prefix.
There was a problem hiding this comment.
It looks like the time this logic here (stubattribution validator.go) is used, there's a combined attribution_code that is parsed and handles keys like "source" and pretty sure there's no knowledge of "utm" anywhere in this repository.
From my searching around, stripping of "utm_" happens on bedrock backend as part of the hmac signature generation process which currently accepts {utm_source, utm_medium, …} json and returns {attribution_code, attribution_sig} json where the "attribution_code" has the concatenated prefix-stripped keys.
So yes it looks like validator.go should use "experiment" and "variation" without "funnel_" just like it doesn't currently expect "utm_*". And these prefix-less attribution will work with existing windows firefox 71.
(And attribution doesn't work quite right on osx anyway, and doesn't get called from bedrock anyway, so we don't really need to worry about compatibility yet. https://bugzilla.mozilla.org/show_bug.cgi?id=1525076 )
stubservice/main.go
Outdated
| @@ -148,6 +148,8 @@ func pingdomHandler(w http.ResponseWriter, req *http.Request) { | |||
| attrQuery.Set("medium", "pingdom") | |||
| attrQuery.Set("campaign", "pingdom") | |||
| attrQuery.Set("content", "pingdom") | |||
| attrQuery.Set("funnel_experiment", "pingdom") | |||
| attrQuery.Set("funnel_variation", "pingdom") | |||
There was a problem hiding this comment.
I'm not sure how this pingdom stuff works (or if it's used?), but I would guess the query params should be the funnel_-less versions.
| "campaign": true, | ||
| "content": true, | ||
| "experiment": true, | ||
| "variation": true, |
There was a problem hiding this comment.
Just noting, and we probably don't need to change anything here -- this allows experiment or variation to be set without the other, which could totally be valid, e.g., some experiment with no variation compared against a baseline no-experiment.
There was a problem hiding this comment.
Oh, does this need "ua"? https://searchfox.org/mozilla-central/rev/a92ed79b0bc746159fc31af1586adbfa9e45e264/browser/components/attribution/AttributionCode.jsm#35
Probably could use a comment in the code for validAttributionKeys that it should match what is in firefox also.
attributioncode/validator.go
Outdated
| "net/url" | ||
| "time" | ||
|
|
||
| "github.com/pkg/errors" | ||
| "github.com/sirupsen/logrus" | ||
| ) | ||
|
|
||
| const maxUnescapedCodeLen = 600 |
There was a problem hiding this comment.
Also just noting and probably don't need to change anything here either -- Firefox does a length check against the escaped code length while the check here is against the unescaped length.
There was a problem hiding this comment.
At least, I think it should match what fx has, with a comment pointing to it.
attributioncode/validator.go
Outdated
| "net/url" | ||
| "time" | ||
|
|
||
| "github.com/pkg/errors" | ||
| "github.com/sirupsen/logrus" | ||
| ) | ||
|
|
||
| const maxUnescapedCodeLen = 600 |
There was a problem hiding this comment.
At least, I think it should match what fx has, with a comment pointing to it.
| "variation": true, | ||
| } | ||
|
|
||
| var requiredAttributionKeys = []string{ |
There was a problem hiding this comment.
I'm not familiar with the code here, so just going on what I see here, name indicates to me that all these must be present.
Do we really require all these to be present? At this point I don't remember what AMO passes in (or if that functionality still exists on AMO, or if this change would affect that). Perhaps @jvillalobos can answer the AMO part.
There was a problem hiding this comment.
For links going to AMO we require source and medium and, depending on the case, campaign or content.
There was a problem hiding this comment.
Ok, if we do not always include campaign or content, then we probably shouldn't have a set of required attributes here.
There was a problem hiding this comment.
I don't have all the details about the decision to make attributes required, but I do suspect it relates in part to concerns about passing web history into client telemetry (which is a data classification concern). That is primarily an issue with the "source" param, hinted at in an origin bug for this feature. Since we only allow attribution for a subset of possible sources, we have to require source.
It's also true that without a source and some other value, attribution isn't particularly useful. Source is required; medium and campaign are very valuable; content is not always helpful, and often omitted.
On www, we fill up some empty params with default values to ensure they can pass this validation, which does not provide any information value over simply making them optional.
There was a problem hiding this comment.
On www, we fill up some empty params with default values to ensure they can pass this validation, which does not provide any information value over simply making them optional.
Ahh, that might be reasonable then, but a code comment here explaining that would be helpful.
There was a problem hiding this comment.
Sorry for the late change, with Firefox 73 supporting ua going to release in about a month, we would like to get that change in to stubattribution sooner than later. https://hg.mozilla.org/mozilla-central/rev/325f8606c0c1
Hopefully this should be relatively straightforward with the existing refactoring done in this PR.
|
@Mardak I think I've addressed all your concerts, will you please you re-review? |
|
|
||
| if code == "" { | ||
| logEntry.Error("code is empty") | ||
| return "", errors.New("code is empty") |
There was a problem hiding this comment.
When does this trigger? Or is the validCodes test with "" wrong? Should empty code result in the 3 "not set" and "other" source?
There was a problem hiding this comment.
This only triggers if attributioncode="" or no attribution code parameter is in the query string. In that case, it just redirects to a standard non-attributed installer.
There was a problem hiding this comment.
I've also updated the tests.
…ttribution keys