0.75.1 (2016-11-29)

Bug Fixes

client: Canonicalize emails when going to /settings (#4473) r=vladikoff (5901b2a), closes #4463
client: Use the server returned email when signing in. (#4472) r=vladikoff (668be9e), closes #4467

0.75.0 (2016-11-28)

Bug Fixes

client: is*Visible fixes for template written messages. (b58cfb4)
client: Babel is only available during development. (#4433) r=vladikoff (6da1956)
client: delete the redundant flow-event-metadata model (#4456) (01e06a5)
client: Fix the startup l10n/everything-else race condition. (#4438) (24e9932), closes [(#4438](https://github.com/(/issues/4438)
client: Flush metrics before redirecting to an external link. (5bcf94f), closes #4458
client: pass correct OAuth client id to certificateSign (0c89b9a)
client: Visible success/error messages stay visible on view render (7fa9c00)
clients: add refresh progress state (#4382) r=vbudhram,shane-tomlinson (b42102e), closes #4165
clients: add tablet support to app placeholders (#4414) r=vbudhram (3f97df4), closes #4412
clients: Always sort the current device first. (#4430) r=vladikoff (7ce2bf9)
csp: update helmet to version 3 (#4444) r=vbudhram (517a287)
l10n: fix string extraction in server syntax (#4443) (819f098), closes [(#4443](https://github.com/(/issues/4443) #4406
metrics: drop invalid utm_ params from flow data (3a3a7b1)
metrics: log some metrics about the number of clients (#4454) r=vbudhram (c5075a8), closes #4229
metrics: round flow time down before emitting (f1f87cc)
metrics: separate the begin and view flow events (33b2f00)
test: Fix failing oauth-reset-password functional test (#4465) (9428b8e), closes [(#4465](https://github.com/(/issues/4465)
tests: add SRI testing to functional tests (#4432) r=vbudhram,shane-tomlinson (d99d598), closes #4364
webchannel: handle errors from Firefox WebChannels (#4457) r=shane-tomlinson (8fa56e6), closes #3668

chore

docs: Add a comment about why view.logView is done in app.js (44304c2)
git: Update .gitignore to support nested .eslintrc files (#4409) r=vladikoff (10ecdfb)
nsp: remove exceptions (#4416) r=pdehaan (a4728ca), closes #4410
shrinkwrap: add npm script for shrinkwrap (#4445) (fce4016), closes #4439
typo: fix 'suppress' type in base.js (6c1a3e5)

Features

client: Enable "show" password button for everyone! (#4435) r=vladikoff (830f666)
client: Pass the email address in the resume token. (898b7cf)
devices: add duplicate reason for disconnecting (69bd338)
l10n: Include translations in JS bundle. (#4348) r=vladikoff (eb79afc)
server: Babel can be disabled via config. (#4418) r=vladikoff (e08231d)

Refactor

client: Cleanup marketing-mixin & marketing_snippet responsibilities r=vladikoff (ffcbbfe)
client: skip rendering if navigate is called in beforeRender (f58b1a5)
email: Remove sendEmailIfVerified logic r=vladikoff (886f394)
metrics: extract flow event logic from POST /metrics handler (3e69724)
test: bounced email takes care of its own prerequisites. (#4466) r=vladikoff (1f27ff5)
test: fillOutResetPassword no longer takes a context. (#4405) r=seanmonstar,vladikoff (d082a40)
test: fillOutSignIn no longer takes a context (395b958)
test: fillOutSignUp no longer takes a context. (#4404) r=seanmonstar,vladikoff (20ea0fe)
test: openPage no longer takes a context. (#4434) (2de72cd)

0.74.0 (2016-11-14)

Bug Fixes

client: Do not show marketing material on Fx for iOS. (#4368), r=@vbudhram (7909cc5), closes #4366
client: Fix unlocalized app store buttons. (#4394) (edb9404), closes [(#4394](https://github.com/(/issues/4394)
client: Make the constructor a normal function in FlowEventMetadata (a078e6f)
client: Merge marketing_snippet_ios and marketing_snippet (#4384) (cb34b95)
client: Open email preferences in new tab (#2500) (#4387) r=shane-tomlinson,vladikoff (452cce0), closes #2500
config: Strip any trailing '/v1' from auth_server_base_url. (#4357); r=shane-tomlinson (ba0c0c0)
logging: validate flow id before emitting events (ccfc033)
metrics: overhaul flow events for more accurate funnel analysis (7507f2a)
password: hide show password label until theres text in the pass… (#4099) r=vladikoff,ryan (01e6fcb), closes #4095
routes: Redirect *_complete to *_verified r=vladikoff (295cfc5)
signup: Changes style of badges (#4340) r=vladikoff (c44a1b4), closes #3697
test: Always send a locale when creating an account. (#4363) (2268a64)
test: Fix the "device and apps panel works" functional test. (6b7eb2c), closes #4397
test: Fix the "device and apps panel works" functional test. (#4403) r=vladikoff (105b14c), closes [(#4403](https://github.com/(/issues/4403) #4397
test: Sync reset password, verify different browser. (05d21a5), closes #4399
test: Sync reset password, verify different browser. (#4402) (96ad29c)
test: Try to figure out Firstrun v1 sign_in - unverified (#4365) r=vladikoff (40f78e1)
typo: fix typos (ea84f99)

chore

lint: fix sasslint in marketing ios (94b17b6)

Features

apps: add new service icons, enable apps feature (#4381) r=vbudhram (72b06a5), closes #4213
client: Add iOS App banner to pages (#4371) r=vladikoff (58e57e5)
client: Send source_url to Basket's /subscribe endpoint (#4342); r=rfk (4bdbfa1), closes #4315

Refactor

avatar: remove getAvatars, prepare to remove 'selected' param (ad89416)
avatar: remove getAvatars, prepare to remove 'selected' param (#4393) r=shane-tomlinson (76ccf02)
cancel: auth_brokers/base.js->canCancel moved to capabilities (#4374) r=vladikoff,shane- (80b9999), closes #3235

0.73.1 (2016-11-02)

Bug Fixes

tests: raven is a test dependency for server tests (d6f0900)

chore

deps: update got, shrinkwrap (#4360) (0970140)

0.73.0 (2016-11-01)

Bug Fixes

build: Bring back SRI. (#4353) r=vladikoff (6b1a510), closes #4347
client: All template writes are by default HTML escaped. (#4296) (4329101)
client: Fix the Open Gmail button on confirm_reset_password (#4328) r=philbooth,vladik (9838d93), closes [(#4328](https://github.com/(/issues/4328) #4327
client: Use open in webmail button on reset sent page (#4313) r=vladikoff (4004ec4)
devices: handle blank device names (#4323) r=shane-tomlinson,vbudhram (1be81aa), closes #4205
links: fix privacy links for Fennec Android (#4320) (c0c7de5), closes [(#4320](https://github.com/(/issues/4320)
metrics: ignore flow events if begin time is missing (#4351) r=vladikoff (1186e29)
metrics: Stop double counting the *_complete screen views. (c4ab494)
package.json: Remove the left over reference to fxaIframeOauthApp (#4310) r=vladikoff (6bd869e)
sentry: clean up abs_path in reports (#4331) (3ac9ac7)
styles: adjust device and apps button size (#4332) r=vbudhram (e25595e), closes #4266
styles: adjust modal h2 styles (#4321) (c7a0de0)
test: Fix oauth sign_in - verified, blocked, incorrect password (#4341) r=vladikoff (9aec0eb), closes [(#4341](https://github.com/(/issues/4341)
test: Fix flaky sign-in-cached functional test. (#4352) (1e0122f), closes [(#4352](https://github.com/(/issues/4352)
tests: add restmail to open webmail providers to fix test rate limits (#4346); r=vbudhr (f039edd), closes [(#4346](https://github.com/(/issues/4346) #4318
tests: Allow the unit tests to be run against any auth server (#4299) (d39313b)
tests: Fix "FxiOS v1 sign_in - verified, verify same browser" Cirlce (#4334) r=vladikof (a26ed29), closes [(#4334](https://github.com/(/issues/4334)
tests: Fix the sign in, open settings in a second tab test. (#4338) r=vladikoff (42e2398), closes [(#4338](https://github.com/(/issues/4338) #4337
tests: load Intern modules from new browser_modules (33f1bdd)
tests: set to Firefox 46 (19a7489)
tests: switch from request to got in teamcity test runner (#4354) r=vladikoff,rfk (e3a8720)
travis: test on node 4 and 6 (b13494d)
typo: fix the whitepsace (fa8e444)

chore

client: Remove OAuth WebChannel Keys support. (#4295) (c07664f)
docs: add circle ci badge (c83c994)
repo: Merge train-72 fixes back to master (#4312) (806e164), closes [(#4312](https://github.com/(/issues/4312)

Features

devices: add mobile get app placeholders (#4261) r=vbudhram,shane-tomlinson (861af52), closes #4261
icons: Use optimized svg icons in device view (#4294) r=vladikoff (703e372)
metrics: Add reset password flow metrics (cc02b52)
sentry: Add sentry middleware for express (#4345) r=vbudhram (4bd04bf), closes #4208
tests: Allow CircleCI test parallelization. (#4298) (42b80c9)

Refactor

client: Reduce repetition when initializing the auth-brokers. (66cfb66)
client: remove crosstab. (#4192) r=vladikoff (07b5902), closes #3415
deps: switch from request to got module (#4344) r=rfk (f1d7cf9)
disconnect: OAuth services Disconnect button does not need … (#4314) r=vladikoff (bb87fc3)
settings: remove sync preference button (#4326) (9f43ddf)
tests: Remove context from clearBrowserState (#4343) r=vladikoff (421d376)

0.72.1 (2016-10-20)

Bug Fixes

csp: single-quote 'none' keyword (#4311) (22557a9)

0.72.0 (2016-10-19)

Bug Fixes

styles: adjust stacking for Firefox 49 (#4259) (bd02425)
teamcity: add configuration for latest6.dev.lcip.org (9887e9a)
teamcity: path location should be really relative to the script (ba0bcd5)
teamcity: path location should be relative to the script (e8f397e)
teamcity: update module versions to match package.json (#4254) r=vladikoff (f181a2e)
test: Fix the "focus" test (#4275) (fd5c7b7), closes [(#4275](https://github.com/(/issues/4275)
test: Fix the requireOnDemand unit tests in Fx 52. (#4276) (caa82d8), closes [(#4276](https://github.com/(/issues/4276)
tests: Fix the oauth query parameter validation functional tests. (#4286) (a70cc82), closes [(#4286](https://github.com/(/issues/4286)
text: Change Damaged link to Link damaged to consolidate strings (#4287) (c3c8c79)

Features

signin unblock (#4154) (18850e1)
hpkp: Add HPKP headers (#4097) (660f604)
metrics: Always send a metricsContext.context from the content server. (#4251) (1fefb77)
server: Ban all objects using CSP. (#4285) (b6e9a25)
test: Point circle at fxa-ci.dev.lcip.org (#4282) (3cec607)
test: Use package.json for version info for teamcity dep install (8de7ef0)
tests: Update Fx and Selenium versions on Travis. (#4271) (5831294)

Refactor

client: var=>const for all requires (#4263) (5490a0b)
client: Ditch var self=this (#4264) (808ad8d)
client: Remove colon from device timestamps (#4222) r=shane-tomlinson,vladikoff (253da2e)
client: Use object shorthand for functions. (#4265) (f44c262)
incorrect-password: Changed Text in case of wrong password (#4258) r=vladikoff (9279e69)
signup: Messaging Size Matched (#4249) r=vladikoff (05db4d2)
test: Update the confirm functional test to use helpers. (#4273) (35b9330)
tests: Update the email-optin tests to use helpers. (#4279) (2f273cd)

0.71.0 (2016-10-06)

Bug Fixes

build: backslash-escape "/" in character class to satisfy minimizers (#4206) r=vladikof (c3a65ce)
build: Ensure revs/filenames are correctly created. (#4210) r=vladikoff,jbuck (6338a82)
build: switch to grunt-file-rev from grunt-rev (#4199) r=jbuck (e4f750d)
client: Add 'rel=noopener noreferrer' to all external links (c19c7ed), closes #4091
client: Fix signup confirmation poll. (307bb67), closes #4237
client: normalizeXHRError handling 503 and 429 error (2a7009c)
devices: use uid for devices panel (9213f29)
docs: Standardize jsdoc param/returns to use {Capital} for types. (#4226) (b58f427)
logging: ensure flow begin events get correct flow_time (#4236) (bed3feb)
logging: identify the view in flow.begin event (#4224) r=vladikoff (b8952f0)
password: remove need inspiration link from password prompts (#4172) (c392f96)
server: Only one bodyParser.json is needed. (#4200) r=vladikoff (ee82c3c)
signin: displaying new message for already verified sign-in tokens (#4176), r=@vbudhram (7eb856e)
test: Fix the sign in to OAuth with Sync creds on latest. (#4245) r=vladikoff (dc60cea), closes [(#4245](https://github.com/(/issues/4245)
tests: add oauth app functional tests (#4209) r=shane-tomlinson (9af4895), closes #4109
tests: Ensure the complete_sign_in functional tests pass. (#4183) (60c8159)
tests: fix broken data-flow-begin functional tests (#4223) (bdf72a6), closes [(#4223](https://github.com/(/issues/4223)

chore

circle: add circle.yml with testing config (#4197) (2df2b48)
client: Rename webmailLink to unsafeWebmailLink (#4174) r=vladikoff (3511ccd)

Features

client: /config now returns a 410 HTTP status. (#4153) r=vladikoff (e6ff90e)
metrics: add flow event for have-account (bcc0974), closes #4216
metrics: adjust tests and logic for the event (4272d51)
sentry: move sentry release version to front-end (#4220) r=vbudhram (18ddbf6), closes #3474
shared: add new locales (9a24702)

Refactor

client: Add the external-links-mixin to the BaseView (#4184) (9900587)
client: Remove all direct fxaClient calls from the views. (#4194) (64081c6)
fennec: force_auth_complete removed (#4211) r=vladikoff (729720c)
jsdocs: displaying new message for already verified sign-in tokens (#4178) r=vladikoff (3824ab8)
settings: ellipses added (#4202) r=vladikoff (eb5418e)
tests: convert 2 sign-in functional test suites to use helpers. (#4207) r=vladikoff (d1a3247)

0.70.0 (2016-09-20)

Bug Fixes

build: remove date from js bundle (#4102), r=@vbudhram (31ca1c1), closes #4101
client: Ensure the "Open Webmail" button is translated. (#4164) r=vladikoff (9d12144), closes #4158
client: Fix /force_auth and /complete_sign_up error handling. (#4129) r=vladikoff (58ddfe9), closes [(#4129](https://github.com/(/issues/4129)
client: Fix broken XHR error response handling. (#4121) r=vladikoff (1230cc6), closes [(#4121](https://github.com/(/issues/4121) #4120
client: Improved calls to action on the confirm reset password screen. (#4100) (2063d6c)
clients: fix fetch for two simultaneous responses (#4111) r=vbudhram (dd2727c), closes [(#4111](https://github.com/(/issues/4111)
email: Add ability for content server to delegate sending emails (#4155) r=shane-tomlin (b7a0963)
oauth: set TTL for the authorization request (#4075) r=shane-tomlinson (3af4e9a), closes #3982
sentry: bring back cache busting file names in sentry (#4103) r=vbudhram (0627b17)
signin: Add delay for login message on iOS broker (#4089), r=@shane-tomlinson (c04980d)
styles: fix horizontal align for comm pref (#4098) r=vladikoff (0f13938), closes [(#4098](https://github.com/(/issues/4098) #3886
tests: Fix 'try to re-use a link' funcitonal test. (#4126) (ce072e6), closes [(#4126](https://github.com/(/issues/4126)
tests: Fix the settings/avatar functional tests. (#4146) r=vladikoff (55d896b), closes [(#4146](https://github.com/(/issues/4146) #4144
tests: improve add event handler for tests (#4122) (8ecdd35)
tests: send Origin headers with resource requests when appropriate (#4059) (030874f)

chore

client: Changed "Tabs" to "Open tabs" (#4156) (7b31dc2)
client: Update Google Play Store badges (#4140) r=vladikoff (f8fcaf7)
docs: Add missing client metrics docs (#4083) (03b8d1b)
docs: add release v0.69.0 notes (440e528)
docs: Add screen images to client metrics docs (#4139) (c3cc9d4)
docs: Document known values for entrypoint metrics param. (ddcf9c8)
server: Remove custom FxOS CSP code. (#4118) r=vladikoff (a1fef3d), closes #3958
tests: Remove listenForWebChannelMessage - it's no longer needed. (#4142) r=vladikoff (6bd603f)
travis: drop node 0.10 support in travis (#4149) (ba77285)

Features

client: Embed config values in the HTML. (#4147) r=vladikoff (1e8f1d7)
deps: Use jQuery 3.1.0 and sinon 1.17.5 (#4117) r=vladikoff (4fe8dc0)
devices: add devices modal and additional metrics (#4131) r=vbudhram,shane-tomlinson (aed667e)
devices: add tablet icon (#4132) r=vbudhram (d9c007e), closes #4030
errors: support localized throttled message (#4145) (374858e)
experiments: update to latest experiment tag (#4171) (8ffa42f)
metrics: add flow.attempt_signin, flow.engage, flow.attempt_signup (#4150) r=rfk,philboot (e618104)
oauth: add OAuth app management ui (#3935) r=shane-tomlinson,vbudhram (e6b4333), closes #3921

Refactor

client: Extract all element type specific code from form.js (#4108) (e33ecc4)
client: Reduce fxa-js-client fetch boilerplate (#4090) (51a70fb)
client: Unify all the resend email code into resend-mixin. (#4123) (4231045)
signin: make all beforeSignIn methods use the account object (#4082) (58af33b)

0.69.0 (2016-09-07)

Bug Fixes

build: remove date from js bundle (#4102), r=@vbudhram (31ca1c1), closes #4101
client: Improved calls to action on the confirm reset password screen. (#4100) (2063d6c)
clients: fix fetch for two simultaneous responses (#4111) r=vbudhram (dd2727c), closes [(#4111](https://github.com/(/issues/4111)
oauth: set TTL for the authorization request (#4075) r=shane-tomlinson (3af4e9a), closes #3982
sentry: bring back cache busting file names in sentry (#4103) r=vbudhram (0627b17)
signin: Add delay for login message on iOS broker (#4089), r=@shane-tomlinson (c04980d)
styles: fix horizontal align for comm pref (#4098) r=vladikoff (0f13938), closes [(#4098](https://github.com/(/issues/4098) #3886
tests: send Origin headers with resource requests when appropriate (#4059) (030874f)

chore

docs: Add missing client metrics docs (#4083) (03b8d1b)

Features

oauth: add OAuth app management ui (#3935) r=shane-tomlinson,vbudhram (e6b4333), closes #3921

Refactor

client: Reduce fxa-js-client fetch boilerplate (#4090) (51a70fb)
signin: make all beforeSignIn methods use the account object (#4082) (58af33b)

0.68.1 (2016-08-24)

Bug Fixes

styles: change color of label on permissions page (#4079) r=vladikoff (f2cf887), closes #4052
styles: remove transition on show password button (#4078) r=vladikoff (10f6d44), closes #4076
tests: adjust timeouts and window handles for TeamCity tests (#4081) (be51e51)
tokens: Display expired token on sign-in verification error (#4047) (296250f)

Refactor

client: Remove support for fx_ios_v2 (#4080) r=vladikoff (f6ea1ef), closes #4073

0.68.0 (2016-08-23)

Bug Fixes

client: Fix autofocus being called repeatedly on hidden settings panels. (#4043) r=vladi (a541eca), closes [(#4043](https://github.com/(/issues/4043)
css: Remove right margin on settings (#4054) r=vladikoff (5c4083c)
deps: update prod dependencies (#4034) (6682ae2)
l10n: fix input type direction to match Gmail (#4070) r=vbudhram (025ed91), closes [(#4070](https://github.com/(/issues/4070)
l10n: fix translations for the password warning (#4068) r=vbudhram (ce88b84), closes [(#4068](https://github.com/(/issues/4068)
logging: flow.begin is a flowEvent, not an activityEvent (#4051) r=vladikoff (32fa116)
sentry: do not send the same error more than once (#4066) r=vladikoff (82b4e30), closes #4023
sentry: separate errors by errno, switch known errors to info level (#4074) (d0b3828)
signup: add an error code for unknown account verifications (#4061) r=vbudhram (46595e1), closes #3989
strings: adjust support link for devices and apps (#4072) r=rfk (4227c2d), closes #4067
styles: adjust property sort order to remove lint warnings (b1e0bc0)
styles: bring back CWTS email field (#4063) (a472bea), closes #4062
teamcity: tests now require fxa-shared installed (381fb20)
tests: Add a helper function to close a window. (#4038) r=vladikoff (7a7785e), closes [(#4038](https://github.com/(/issues/4038)

chore

tests: disable auto update for test profiles (27e2728)
travis: retry nsp check on travis due to flaky api (0ca0c5d)

Features

experiments: update latest experiments for train-68 (#4071) (dfa8f84)
passwords: add support article about password strength (#4014) r=vbudhram (b6a3319), closes #3945
settings: escape key hides the current panel (#3845) r=vladikoff (82c7fba)

Refactor

client: browserify jwcrypto to prepare for requireOnDemand. (#4035) r=vladikoff (3600b0a)
client: jwcrypto is now loaded using requireOnDemand. (#4041) r=vladikoff (84706d8)
client: Load fxa-js-client using requireOnDemand. (#4042) r=vladikoff (ff706a4)
client: Refactor the hide-on-escape key code. (#4046) r=vladikoff (615e138)
client: Use cache busting URLs with require on demand. (#4002) r=vladikoff (053153e)
client/server: Ditch the postMessage origin check for iframes (#4008) (c1f5260)
devices: remove timeago, use device last active from the fxa-auth-server (#4033) (36bb232)
devices: rename devices view to clients (#4055) r=vbudhram,rfk (d425e8f)
l10n: use shared source for l10n list (#4050), r=@vbudhram (a3a5294)

0.67.0 (2016-08-09)

Bug Fixes

build: Fix l10n extraction of template strings. (#4028) r=vladikoff (38557d5), closes [(#4028](https://github.com/(/issues/4028) #4027
client: No screen transition post confirm signin for OAuth Webchannel keys (#3997) r=vla (6d15ece), closes #3966
client: OAuth flows that request keys must do signin confirmation. (#3991) (a77c3c9)
client: Only show passwords while depressing the "show" button. (#3978) (251f0e3)
client: propagate flow data to confirm view (#3990) (cbbd8a5)
client: update to latest able version (#4018) (4466d93)
devices: add 'last active' to formatted string (#4015) r=shane-tomlinson (96eaafa), closes #3960
devices: add title attribute to device names (#4016) r=vbudhram,ryanfeeley (83f0da2), closes #3959
experiments: update experiments to train 67 (#4025) (3762ea2)
jsdoc: add eslint jsdoc validation (#4010) (fcf1ebf)
logging: use legacy log format for activityEvents (b87805e)
signup: add utm params to suggest-sync (#4029) r=vbudhram (aabd4f6), closes #4021
styles: remove bold from current device (#4020) (138c98c), closes #4019
tests: fix remote tests/server/routes/get-fxa-client-configuration (69bfeee)

chore

client: Remove signin confirmation transition code from fxa-client.js (d26aa75)
deps: Bump fxa-js-client to 0.1.46 (#3987) r=vbudhram,vladikoff (c1b42bc)
deps: Bump the fxa-js-client version to 0.1.45 (#3983) r=vladikoff (401bd31)
scripts: update npm versions used to run in teamcity (#3999) r=vladikoff (4d600e7)
teamcity: a tool to help updating bash-embedded dependencies (#4001) r=vladikoff (8bce55b)

Features

metrics: Add utms to statsd (#4026) r=vladikoff (859591a)

0.66.0 (2016-07-26)

Bug Fixes

avatar: prevent buttons from flashing (#3850) (6e7f360)
client: always send a service param to /certificate/sign (01a0ae5)
client: Check for expired sessions whenever the user focuses the settings page. (#3924) (25cf276)
client: Help the password manager save the username on pw reset/change. (#3977) r=vladik (362b2fb)
client: Hide all visible passwords on form submit. (#3969) (a6c848c)
client: use context constants instead of literals (#3961) (88ae365)
confirm: add known error code when polling fails (#3943) r=vbudhram (c509963), closes #3925
devices: adjust download links for browsers (#3926) r=vladikoff (d178aee), closes #3540
l10n: Fix l10n extraction on ES2015. (#3963) r=vladikoff (01334e7), closes [(#3963](https://github.com/(/issues/3963) #3962
server: Allow FxOS 1.x and Fennec < 25 to sign in/up (#3940) (5b87852)
server: Ensure CSS for the TOS/PP agreements is served from the CDN. (#3981) r=vladikoff (b4867ed), closes #3976
server: Re-add the /.well-known/openid-configuration route (7781973)
styles: fix settings email header when display name set (#3930) (65aef25), closes [(#3930](https://github.com/(/issues/3930)
teamcity: fail fast if all servers are not up (#3936) r=vladikoff (a2c9656)
teamcity: server tests don't need selenium running (#3975) r=vladikoff (86deba7)

chore

deps: Bump request and universal-analytics dependencies (#3967) (b271bce)
dev: add remote development script and docs (#3971) r=pdehaan,vbudhram (d82f0a1), closes #3951
openid: Remove support for OpenID. (8532c17)
strings: add location strings to strings.js (#3972) (1e27f74)

Features

build: ES6 with babel (#3841) (72f9051)
client: Always notify browser on password change. (#3913) (56417ac)
client: Remove Account Lockout. (#3956) r=vladikoff (4b8b867), closes #3949
client-config: Add a /.well-known/fxa-client-configuration endpoint (#3919) (cbd341a)
metrics: Add a <view_name>.back event when the user clicks a back link (9bd0c6c)
password: make hints progressively useful (#3791) r=vladikoff (e327d39), closes #3731
server: Update helmet to the newest version. (#3941) r=vladikoff (3e3fdc8)
tests: Add more functional tests for sign in unverified flow. (#3947) r=vladikoff,vbudh (e7b7f24)
tests: Add signin confirmation tests for iOS, Fennec, WebChannel (#3937) (0f8293f)

Refactor

client: remove campaign param support, switch to utm_campaign (#3915) (e6d20a9)
client: remove state from the resume token (#3923) r=shane-tomlinson (615c7aa)
jscs: port jscs to eslint (#3946) r=vladikoff (7606356), closes #3669
oauth: remove support for privacy and terms uris (#3942) (430716d)

0.65.0 (2016-07-12)

Bug Fixes

client: remove sync suggestion from signin view (#3922) r=vladikoff (311935c), closes #3903
client: adjust fade in animation for the confirm view (#3909) r=vladikoff (48a5d41), closes #3887
client: Fix sign in from the firstrun flow. (#3889) (82138ed), closes [(#3889](https://github.com/(/issues/3889)
client: Fix the device view sort order. (#3906) r=vladikoff (d993adb), closes [(#3906](https://github.com/(/issues/3906) #3899
server: Add confirm_signin to the list of front end routes. (922e1d5)
settings: cancel button resets values (#3837) r=vladikoff (0ff2e35), closes #3544
styles: fix coppa page margins (#3847) r=ryanfeeley (e0148b6), closes [(#3847](https://github.com/(/issues/3847) #3199
styles: new spinner for disabled inputs (#3900) r=ryanfeeley (6862641), closes #3882
tests: Fix the Sync v3 settings WebChannel message checks. (#3912) (b6a973c), closes [(#3912](https://github.com/(/issues/3912)
tests: fix WebDriver add-on compat check (71dba91)
tests: no more post-verify email if service is blank (f505295), closes #3879

chore

deps: Update fxa-js-client to 0.1.43 (#3885) r=vbudhram (3a39024)
nsp: add issue 121 to pending fix (32d57b4)
readme: update readme with grunt sass watch (#3877) r=vladikoff (3f52b0e), closes #3876
sasslint: fix sasslint warnings (#3874) r=vladikoff (7d81e53), closes [(#3874](https://github.com/(/issues/3874) #3854

Features

client: Add a button to Open in Yahoo/HotMail/Outlook (#3872) r=vladikoff (46cdc3b), closes #3640
client: Add fade in to 'Back' link on confirm view (#3894) r=vladikoff (b6ddc02)
client: Reword and slowly fade in the resend account verification email link (17b2cfe), closes #2654
client: users from login and registration to about:accounts (#3870) r=vladikoff (6a59d8c), closes #3421
metrics: send reminder param to account verification (#3871) r=vbudhram (c3c04f8), closes #3864

Refactor

errors: catch interpolation error (#3917) r=vladikoff (5703853), closes #3846
settings: Code migration from settings-mixin to settings.js (#3873) r=vladikoff (cba214b), closes #3091
signup: remove exclude_signup support (#3883) (a2ff648)
tests: Refactor the change password tests to use helpers. (#3910) (aa14f05)

style

devices: improve current device design (#3828) r=vladikoff,shane-tomlinson (a88c1c8)

0.64.0 (2016-06-22)

Bug Fixes

client: Filter unwanted fields in call to /recovery_email/status (#3839) (317c9cf)
client: force numeric input for age field on signup page (#3803) r=shane-tomlinson,vbudh (0e96539)
client: Show a sensible error message if basket is unavailable. (#3867) r=vladikoff,jbuc (9ca06dd), closes #3866
confirm: change resend email limit to first 4 attempts (#3816) r=vbudhram (f02bf19), closes #3777
eslint: update eslint-config-fxa version (#3853) r=vladikoff (eab5cc6), closes #3852
links: adjust mobile app links (#3815) r=vbudhram (58a837c), closes #3692
metrics: Remove the caching sha from urls in the sentry stacktrace (#3861) r=vladikoff (242f24e), closes #3829
mozlog: update to 2.0.4 (#3826) r=vladikoff (5b7d707)
nsp: add advisory 117 to list of known issues (3f1de6e)
nsp: add to ignore list (49f42c6), closes #3857
nsp: update packages to fix nsp warnings (#3849) r=vladikoff (b4051af), closes [(#3849](https://github.com/(/issues/3849) #3848
password: Add missing unit tests (#3812) r=vladikoff,TDA (23eebb7)
permissions: remove line break on permissions page (#3834) r=vladikoff (f78187a), closes #3833
rtl: rtl weird behavior with special characters (#3824) r=vladikoff (21d2dfd), closes #3811
spelling: change stength to strength (#3819) r=vladikoff (0abbdfd), closes #3818
tests: ensure no leftover firefox-bin are running (#3820) (0f52dcb)
tests: ignore error from killall firefox-bin (d14d7be)
tests: show selenium version from /wd/hub/status at test start (#3804) (cd02afd)

chore

l10n: Remove the placeholder strings for fxa-83 (#3856) r=vbudhram (abe1496)
marketing: Use more specific text for the marketing opt-in. (bb7a71f)
tests: Remove listenForWebChannelMessages calls from tests. (#3768) r=vladikoff (c68e130)
tests: Update avatar.js to use functional helpers, remove listenForWebChannelMessages. (1385213)
tests: useTeamCityReporter=true for intern_server tests (#3823) (81f355e)

Features

client: Signin confirmation (#3671) (7c5aee4)
experiment: add show-password experiment (#3801) r=vbudhram (03debc1)
metrics: add statsD/DataDog tag if user is part of experiment (#3836) (bd7dec8)
styles: Add support for .woff2 (#3844) (b204544)
tests: Filter unwanted lines from the mocha stack trace. (#3813) r=vladikoff (34fa5d7)
verify: Pass service param when verifying email address. (#3757) r=vbudhram (2ea10df)

Refactor

cocktail: change _.extend to cocktail.mixin (#3830) (25a1ad8)
flowId: optimize get-index route by adjusting flow-metrics (263d859)
styles: refactor sass variables (#3783) (4c929a4)
tests: Use a helper to get the remote reference. (#3808) (f32761e)

style

colors: restyle buttons, links and labels to conform to mozilla style guide (#3755) (3925684)
devices: make devices and buttons responsive (#3825) (050cb73)
gravatar: left align label (#3842) (8dfd207)
links: stack side-by-side links (#3817) r=vladikoff (8476364), closes #3798

0.63.0 (2016-06-01)

Bug Fixes

checkbox: make only text clickable (#3759) (855bf39)
checkbox: update checkbox styles (#3793) (bc040aa), closes #3691
client: Interpolate error messages before sending to Sentry. (#3764) (26266f6)
client: Password length warning (#3739) (c049106)
force_auth: make force_auth work in web context (#3725) (13798e0)
rtl: adjust rtl css for email and password r=vladikoff,shane-tomlinson (5aeac38)
styles: Fix the click area of side by side links. (#3785) (20b9a51), closes [(#3785](https://github.com/(/issues/3785) #3776
styles: Fix the grunt sasslint errors (#3796) r=vladikoff (7827dbc), closes [(#3796](https://github.com/(/issues/3796)
tests: fix firstrun webchannel tests (f2ddcd7), closes #3790
tests: fix sync_v3 tests for remote environments (#3780) (6600006), closes [(#3780](https://github.com/(/issues/3780) #3772
tests: Fix the functional tests that listen for WebChannel messages. (#3752) (a946f2f), closes [(#3752](https://github.com/(/issues/3752) #3750
tests: improve stability of firstrun tests (#3794) (9d267ab)

chore

deps: Update fxa-js-client to 0.1.39 (#3787) r=vladikoff (5ceea48)
markdown: port marked to remarkable (#3746) r=pdehaan,vladikoff (ba542f7), closes #3728
npm: update shrinkwrap (#3771) (f7dccbb)
nsp: Exclude moment CVE from nsp checks (#3756) (02adab5)

Features

client: Handle the upcoming /complete_signin route. (bde60b4)
client: Stop passing 400 page error messages via query parameters. (#3715) r=vladikoff (2cad043)
metrics: Generate flowId on the server (#3736) (48919e1)
robots: adjust robots config to use "noindex" everywhere. (#3604) (f6ed899)
tests: Add a functional test for re-verifying an account. (#3781) (b2ef9c1)

Refactor

client: Prepare for pw change/reset endpoints to return session data. (#3747) (8d4b359)
tests: Refactor many functional tests to use helper methods. (#3751) (09585b4)

0.62.0 (2016-05-18)

Bug Fixes

base64url: Trim padding per RFC 7515. (#3713) r=vladikoff,rfk (585520d)
client: handle async invalid token on signin (#3681) r=shane-tomlinson (e484bd4)
server: add extra body check for report error (#3709) (c65cbcd), closes #3708
server: add extra body check for report error (#3709) (f10868d), closes #3708
style: Autofocus on submit button and added tabindex (#3703) (322902c)
styles: change focused fields color scheme (#3727) (fdae81a)
styles: increase bottom margin for old password field (#3724) (eac3bee)
styles: replace clear sans with fira sans (#3685) r=shane-tomlinson,ryanfeeley (4798131)
teamcity: use optional TeamCity reporter (#3749) r=vladikoff (abc2e0b)
tests: add missing test runner dependency: helmet (#3723) r=vladikoff (0e92554)
tests: adjust oauth 123done tests for logout (#3722) r=vbudhram (e6bd768), closes #3721
tests: Fix the failing functional test. (#3706) r=vladikoff (2b6f3d7), closes [(#3706](https://github.com/(/issues/3706)
tests: Fix the failing functional test. (#3706) r=vladikoff (8747e0d), closes [(#3706](https://github.com/(/issues/3706)
tests: some functional tests are not cross-dependent anymore (#3719) r=vladikoff,shane- (f4fd9cf), closes #3716
tests: speed up the relier unit tests (#3717) (8bb3edf)
tests: use sessionstorage for testing webchannel messages (#3741) r=shane-tomlinson (b750cd5)

chore

cleanup: cleanup gitignore (#3734) (297e00a), closes #3733
docs: update npm version in README (5c62196)
sass-lint: add sass linting (#3732) r=vladikoff,pdehaan (c4d2def)

Features

client: Fully validate email and uid in the relier. (#3711) (298be44)
client: pass metrics context metadata to the back end (#3702) r=vladikoff (2ebc49a)
errors: Add messaging for new "request blocked" errno 125. (#3735) (aae3c5c)
locale: add Arabic locale support (#3726) r=vbudhram (4450796)
locale: enable Finnish locale (#3738) r=vbudhram (0ef9621), closes #3737

0.61.1 (2016-05-09)

Bug Fixes

server: add extra body check for report error (#3709) (f10868d), closes #3708
tests: Fix the failing functional test. (#3706) r=vladikoff (2b6f3d7), closes [(#3706](https://github.com/(/issues/3706)

0.61.0 (2016-05-03)

Bug Fixes

channels: fix iframe message parsing (a7c7ca2), closes #3602
client: update to fxa-js-client 0.1.37 (#3690) (d9ab90c)
metrics: Scrub PII from CSP reports (1549c87), closes #3689
signup: Update button text on signup and CWTS pages. (203f905), closes #3623
views: do not show session expired warnings in views (#3700) r=vbudhram (6103a64), closes #3222

chore

docs: update comment (49a4477)
docs: update README with new Selenium versions (#3701) (cf9de81)
nsp: Add .nsprc config file to ignore NSP warnings (db49863)
tests: Sort the front end unit tests alphabetically. (2d7ffc9)
travis: drop node 0.12 support (6af6274)

Features

client: implement resume token validation (#3682) (148f42a)
client: Remove synchronization of unmasking on change password fields (cd782c3)
metrics: emit flow.begin event from metrics endpoint (#3683) (8942991)
metrics: update to support Sentry 8 and new raven.js (#3695) r=shane-tomlinson (e302894), closes #3599
server: Enable CSP! (#3627) (bc714b0)

Refactor

client: move fxaClient access out of view (#3696) (dc579de)
csp-reports: Updates based on @vladikoff's feedback (864deb5)

0.60.0 (2016-04-19)

Bug Fixes

client: Clear resetPasswordConfirm flag after successful reset. (b72c27c)
client: Do not skip "reset password" screen in force_auth. (b22eeb4), closes #3477
client: Reduce the number of parseMessage errors. (37e8f04), closes #3594
client: Remove support for Iframed OAuth flows. (5d19757), closes #3628
client: Sign out messages disappear when user starts typing (198070e)
client: isPasswordAutocompleteDisabled removed (7fb7dae)
deps: update most prod deps (a5ae334)
deps: update node-uap version (b43ecdd)
deps: update to bluebird 3 promises (b5f5f17)
strings: fix device string (c4a85c8)
tests: Fix the failure on addEventListener. (371f091), closes #3408
tests: adjust checkbox test to click on labels properly (fd3c658), closes #3618
tests: update device tests to wait for device delete request (84a34df), closes #3405

Features

client: Show a startup spinner on startup (e8f3252), closes #2980
client: Smooth out the "reset_password_confirm=false" flow. (17e27c1)
client: Strict validation of email and uid on force_auth (f666c8b), closes #3040
reset: add reset_password_confirm parameter to allow auto submit (59bfb5f)
signin: handle new account must reset error (126) (b2908af)

Refactor

client: Convert durations into duration-js (8795b14), closes #1657
client: Extract account reset logic into a mixin to be shared. (7bc28f6)
client: Extract open-gmail logic into a mixin to be shared. (007d470)
client: In siginin, rename .prefill to .prefillEmail. (489a80f)
client: Move error reporting from app-start a shared module. (ea12cc5)
logging: Add error module (13858f3)

chore

ci: add circleci scripts into tests (235e20d)
client: Add the strings needed for the email reconfirmation feature. (efb639f)
client: Alphabetize a couple of out of order dependencies. (39dd282)
deps: update devDeps (b7a2862)
deps: update to Intern 3.1.1 (aa14ce6)

0.59.0 (2016-03-21)

Bug Fixes

confirm: do not show errors during confirmation polling (944fc5e), closes #2638
metrics: limit Sentry stack frames (293ab07), closes #3167
tests: server tests now require bluebird and lodash (39461dd)

chore

docs: add a link to prod content server (659bd3c)
docs: Document helper functions added in #3595 (2255991)
tests: Add a missing unit test for views/confirm.js (5ac2347)
travis: unlock node.js versions (0cf6289), closes #3586

Features

client: Better handling of deleted accounts on /force_auth (485433f), closes #3057 #3283
client: joi like validation of query parameters (d9e18ea)
referer: Only send origin in referer header, not whole URL. (f12b67b)
server: emit the new flow.begin activity event (5b74706)

Refactor

tests: Overhaul the force_auth tests. (89de5cd)

Reverts

server: remove server-generated flowId and flow.begin event (83f0503)

0.58.1 (2016-03-09)

Bug Fixes

build: Fix grunt build exception if server template open in vim (d6c9661), closes #3581
client: Only normalize scopes for trusted reliers when prompting for consent. (8aa23fe)
server: Ensure the 400 page prints error messages in production. (1279cff), closes #2070 #3572
tests: add htmlparser2 dependency to teamcity/run-server.sh (26d33af)

chore

tests: Functional test for trusted relier that prompts for consent (c89ceb1)

Refactor

client: Simplify url.js->searchParams (ed3c190)

0.58.0 (2016-03-08)

Bug Fixes

build: copy error pages into dist, not app (118e2c8)
client: forbid single-part domains in email addresses (4c42f47)
client: Handle old accounts that contain accountData (479b7dd), closes #3466
client: Only send login notices to Fx if all data is available. (53fe05f), closes #3514
server: Allow the /signin, /signup, /reset_pasword to be framed (f513fb2), closes #3518
test: Ensure addEventListener exists before invoking. (918cf7b), closes #3408
tests: allow setting fxaDevBox with teamcity run-server.sh (62b8b58)
tests: don't quote commit value (might have leading spaces) (d25225b)
tests: Fix test timeout with selenium 51 (9021c28)
tests: handle OUT: garbage from jsawk (6b268ea)
tests: update modules to match package.json, and jsawk fix (d36f285)
tests: update teamcity server test driver (902195c)
validation: Add validation to optional params in models and reliers (46cc1ad), closes #2025 #3490 #3452

chore

client: Update fxa-js-client to 0.1.34 (fdd9f4e)
git: Remove built app based error pages from .gitignore (ebf464c)
strings: Add strings needed for update password reset flow (fb5087c)
tests: latest4 is also an fxa-dev box (8b57f1e)
tests: Pre-merge cleanup of tests and HTML. (5844134)
tests: Remove hard coded client_id from oauth choose redirect tests. (5064b69)

Features

amo: Signin/Signup based on email query param with existing account (d30d508)
build: Prepare to serve static content from a CDN. (93209b2), closes #3447 #3462 #3463
client: Add a mixin to handle updating external URLs on Fx for iOS (f2f7fc1)
server: add hard crash maintenance mode template (b168cf2), closes #3103
styles: Updated password reset flow (822ab77)

0.57.0 (2016-02-23)

Bug Fixes

client: Do not show the easter egg if in an iframe. (b59e4fe), closes #3483
client: Fix error message behavior post-screen transition. (7da39a8), closes #3503
client: Fix password reset in e10s. (2211306)
client: Fix show/hide password toggle on force_auth (6033838), closes #3532
client: Fix uploading an avatar from file (0d87a98), closes #3519
client: Focus the display name field when opening the panel. (21634ba), closes #3517
cwts: show all sync engine options to all clients (98d1059), closes #3494
devices: remove plural strings from connected date (02d493b), closes #3510
metrics: Report Windows 10 metrics reporting. (045ad50), closes #3445
style: Cleanup sync options styling (6d8cd85)
teamcity: record content,oauth,profile,auth version (latest4) (3190cb0)
tests: adjust case sensitive tests for sync v2 (82946a2)

chore

client: Add the strings for PR #3426 (bc80f3a)
client: signin from signup final touches (7ef7ae9)
install: Sort the dependencies in package.json (3c0d651)

Features

build: Add SRI integrity attributes to static resources. (4b23a90), closes #3449
client: Add support for prompt=consent for OAuth reliers. (041b9fa), closes #3505
client: allow users to sign in from sign-up view (b513701)
client: Expand the permissions screen. (851446a), closes #2477
cwts: enable choose what to sync in fx-firstrun-v2 and refactor other cwts auth_broker (c5d28cc), closes #3365
sass: add hover and active states for avatar upload dialog buttons (fca16ac)

Refactor

test: Image uploader functional tests upload images. (859b7c0)

0.56.0 (2016-02-10)

Bug Fixes

client: Do not sign out of Sync when visiting /force_auth (f96672c), closes #3431
client: Ensure status messages are shown on the signup page. (dfeb53b)
client: Ignore postMessages from chrome://browser (7010bbd)
client: No more redirect to signin_complete w/ fx_desktop_v2 (723da2b), closes #3330 #3353
client: Update the _redirectTo stragglers, add tests. (da5fbfe)
confirm: fix openGmail button visibility (aa122cb), closes #3487
experiments: update to train-55 experiments (01459b6)
metrics: Filter obviously invalid StatsD timings (cdeac93)
metrics: Send an error's context as a Sentry report tag. (8bdfd57), closes #3470
spelling: fix a few typos (8394a57)
teamcity: record content,oauth,profile,auth version (f2672a0)
test: Fix the attempt to use webcam for avatar functional test. (18b0c6d), closes #3455
travis: lock node versions until new versions are supported (ad92350)

chore

client: Add a unit test for sign_up.js->onAmoSignIn (d1364e2)
client: Add the AMO migration string to strings.js (2f8c721)
client: Remove submit from ForceAuthView. (d221aed), closes #3438
client: Remove the extra mixins from the ForceAuthView. (6316053), closes #3437
docs: Add migration possible values documentation. (8d0e17a)

Features

client: Enable "Sync Preferences" from the firstrun flow. (539ed50), closes #3417
confirm: promote "open gmail" to a feature (833358d), closes #3368
migration: Updated to support AMO migration through the migration query param (949f717)
sass: use custom SVGs for avatar upload buttons (21c2821)

Refactor

client: Extract accountKeys, relierKeys to the Account model. (3fdef3f)
relier: remove isFxDesktop(), it is not used (888dd3f)

0.55.0 (2016-01-26)

Bug Fixes

client: enforce validation of notifier event data (7002c76)
client: Fix the browser back button in the firstrun flow. (6c306e0), closes #3296
client: tolerate missing _formPrefill in signed-out-notification-mixin (cf2c6c7)
config: switch to readable config values (d9326cc), closes #2874
devices: format connected date (20eb09a), closes #3377
metrics: Reduce the number of localStorage errors in Sentry. (aedb762)
sentry: adjust cache busting files for Sentry (2a85d0a), closes #3420 #3363
template: update cookies required message to include local storage (59672c5), closes #3129
test: Fix the 'sign in with a second sign-in tab open' test. (8fd9ef5), closes #3380

chore

client: Remove the unused ConfigLoader dep from cookies disabled. (5c33eb8)
deps: update to latest fxa changelog (675a95e)
docs: update node version (5a500c5)
docs: update servers and selenium version (bf92684)

docs

contributing: Mention git commit guidelines (7f3cfcd)

Features

client: Log localStorage errors on startup. (49aedc8)
client: Report email opt-in status to firstrun page. (cd7fa8b), closes #3411
client: Support the newest navigator.mediaDevices API for fetching avatars (3913f55)
docker: Additional Dockerfile for self-hosting (2db851c)
metric: Add metric to track when user successfully changes their password (14c3344)
sass: Show a spinner while loading a ProfileImage. (f360c9c)

Refactor

client: Better Account field sandboxing (d432199)
client: Further data sandboxing (afe52ee)
client: Simplify the _isEmailFirefoxDomain function. (ea29e57)

0.54.0 (2016-01-12)

Bug Fixes

client: fx-desktop-v2 broker halts before signup confirmation poll. (34c9728), closes #3330
client: Only send internal:* messages across the InterTabChannel. (1e169b8)
csp: make CSP reports more detailed, remove sample rate (41d919c), closes #3297
docs: remove outdated Docker docs (4487573)
metrics: optimize StatsD tags for performance (207556a), closes #3349
signup: disallow @firefox email field during sign up (56465b2), closes #3332
sourcemap: add head.js sourcemap (fdb822c), closes #3355
styles: fixes avatar styling to be consistent with fx desktop, fixes #3276 (e3bd998), closes #3276
styles: update age styles to work properly in latest Firefox (c6da26c)
teamcity: allow GIT_COMMIT to be set via environment (d2147c7)
tests: allow unset value of GIT_COMMIT (1dd0fd7)
tests: Fix the communication preferences tests. (ae1104f), closes #3357
tests: improve iframe functional tests (969b0b9), closes #3361

Features

client: Add a "Sync Preferences" button for fx-desktop-v3 broker. (7fd2855), closes #3079

Refactor

client: Add retrySignUp and verifySignUp to the Account model (cf6700a)
metrics: remove unused metrics tags (d086fa0), closes #3346

0.53.0 (2015-12-30)

Bug Fixes

client: focus first input in choose_what_to_sync (1196b27)
ux: fix checkbox styling in the choose what to sync screen (1653f9)
ux: minor tweak to the button spinner in mobile view (c5b40e1c)
tests: add config to run latest with node 4.x (30fc761)
tests: fix functional tests for oauth and password reset (ca18a0c)
deps: update to Intern 3.0.6 (990a8d0)
deps: update prod dependencies (7fd2b82)
snippet: remove extra Firefox for iOS string (9f4a359)

Refactor

client: Move some view based reset password logic to mixins/models (9561faf)

0.52.0 (2015-12-15)

Bug Fixes

devices: rename lastConnected to lastAccessTime (9ec1ff6)
openid: add lint and tests to openid routes (d63f8ed)
server: fix server test for post-csp (315340e), closes #3300
tests: add openid .well-known endpoint test (dd68356)
tests: fix functional test iframe failure (fad077c), closes #3306
tests: remove special rules for copied locales (28a8396)
travis: build and test on 0.10, 0.12 and 4.x (ba4d829)

Features

openid: add /.well-known/openid-configuration route (8cf2ec5), closes #3299

Refactor

client: Move deleteAccount logic from view to user.js/account.js (dbc531c)
client: Use the Account's isSignedIn method in base.js (f6bf420)

0.51.0 (2015-12-02)

Bug Fixes

devices: improve testing coverage and clean up (4163505)
docs: add browser support section (cd3a975)
experiments: bump experiments to train-51 (0de6c33)
tests: use bower@1.6.5 in teamcity tests (b9ab071)

Features

deps: update fxa-js-client to v0.1.33 (b77145b)
devices: basic device UI for the settings panel (20c305d)
l10n: Add translatable string for a "Help" link. (bdbf4b5)

Refactor

client: Move View creation logic out of router.js (74556db)

0.50.0 (2015-11-17)

Bug Fixes

avatars: updated the avatar to the latest haired one (327d67d)
client: fix name clash with web-channel events (7148184)
client: update Firefox for iOS marketing snippet (1373e4c), closes #3280
csp: Fix the default-profile.svg CSP error. Code cleanup. (4200976)
experiments: bump experiments to train 50 (a4fdd11)
l10n: remove locale copying (e0387cf)
l10n: remove redundant l10n files (b36f782), closes #3258
tests: add a way to disable client metrics stderr (64e79a5), closes #3158

Features

csp: enable report only CSP in production (2fbe096), closes #1426

Refactor

client: Convert app to the Simplified CommonJS wrapper. (6a4c81a)
client: Replace interTabMixin with notifierMixin. (2b4a3d7), closes #3244

0.49.3 (2015-11-06)

Bug Fixes

client: fix name clash with web-channel events (8e23d6d)

0.49.2 (2015-11-04)

Bug Fixes

build: adjust shrinkwrap due to a failing SHA (56e346f)
config: switch default config to use consistent server values (0a6fa42), closes #1543

Features

docs: Document WebChannel communication with the browser. (bd91b48), closes #1262

0.49.1 (2015-11-03)

Bug Fixes

client: rename broadcast to triggerAll (98b383d)
experiments: update experiments to latest branch (93111f6)
tests: fix server test for the pt locale (95ea6b6), closes #3254

0.49.0 (2015-11-02)

Bug Fixes

client: Do not use the OAuth Redirect broker to verify Sync sign ups. (f419efd), closes #3215
client: Remove /force_auth query params upon successful signin. (bb3da5e), closes #2071
client: clear query params on sign-out (0f73d4c)
client: clear relier uid on sign-out (aff6073)
client: remove debug logging from crosstab (568518b)
cwts: update "choose what to sync" design. (d05147c), closes #3183
cwts: update column design to properly align the data types (ae578e4), closes #3246
design: update "Choose what to sync" image r=vladikoff (32797fd)
l10n: copy pt_PT to pt in l10n (ef70dac)
tests: Disable grunt validate-shrinkwrap for now. (3c86c84), closes #3237
tests: close unclosed window in functional test (fdebd27)

Features

build: Add the git sha used in the build to the production JS. (998dfac), closes #2625
client: Show the button on verification tab in Fennec (5accebb), closes #3140
client: Use the BroadcastChannel instead of crosstab if available. (774ce7c)
client: Use the newest crosstab, which presents a more sane API. (3f2199f)
client: synchronise signed-in state across tabs (ecebd94)
cwts: add Choose what to sync to fx_desktop_v2 (e9b05ec), closes #3213
docs: Document all base authentication broker method parameters. (0143f04)
ios: add choose what to sync for Firefox for iOS 2 (8d797c6), closes #3139

Refactor

client: Unify callback data in InterTabChannel and Backbone.Events (9136ab5), closes #3229
client: extract hard coded key codes (b5a584b), closes #3163

0.48.0 (2015-10-20)

Bug Fixes

build: Fix the eslint indendation errors. (8f2bd3c), closes #3189
build: extend r.js timeout for building production (346fa46), closes #3166
client: Ensure /signin is visible when users sign out after verification (dc67988), closes #3187
client: Log the correct screen name for the settings panels. (ee07505), closes #3029
client: Only allow one profile request per account per tab session. (c7067cd)
client: Suppress spurious login messages to the browser. (23fbe8b), closes #3078
coppa: move to age input coppa (2341e83), closes #3137
experiments: bump to train 48 experiments (97b30f2)
links: align secondary links (10309fb)
messages: misaligned success and error messages (00ccec5)
metrics: Fix the refresh metrics when refreshing a settings subpanel. (d4a5307), closes #3172
settings: add floating labels to delete account and display name (6f3e650), closes #2848
settings: make header bottom margin uniform (ed6981c)
settings: remove underline on links (ee7235e)
signup: tooltips no longer removed when pressing an arrow key (80ae84b), closes #1858
tests: Fix functional tests when run against a remote server. (21b19b7), closes #3174 #3182
tests: Fix the communication preferences tests. (9b6762c), closes #3176
tests: Force installation of fxa-jwtool for the oauth server (9a99eea)

Features

coppa: better support for COPPA warning on FxiOS (abbb302), closes #3164
ios: hide "Choose what to sync" for fx_ios_v1 (5c6bf2a), closes #3141

Refactor

basket: extricate basket proxy server into its own repo. (0882f5f)
client: Extract router.onAnchorWatch into a new view, AppView. (292d725)
client: Simplify the floating placeholder mixin logic. (d0f3aca)
client: move router.showView logic to the AppView. (d00708d)
test: Allow fillOutSignUp to accept an optional age. (2646dd4)
tests: Reduce boilerplate in the settings functional tests. (607f672)

0.47.1 (2015-10-07)

Bug Fixes

lint: disable object-literal-order-checking in basket proxy server. (a4ebfd5)
basket: revert "refactor(basket): extricate basket proxy server into its own repo."

0.47.0 (2015-10-06)

Bug Fixes

checkbox: make custom checkbox label clickable (5a7dcc6), closes #3132
client: Fix the confirm_reset_password screen polling logic & tests. (6cd7dc1), closes #2483
client: Show the success message for 5 seconds to help functional tests. (10a882f)
config: copy 'local.json-dist' to 'local.json' if it don't exists (0eefb94), closes #2619
deps: bump dependencies (6964d0c), closes #3064
l10n: Do not show fuzzy strings to users. (e1fe471), closes #3113
server: Fix server crash if metrics event does not include type (0703cc0), closes #1208397
settings: Unblock rendering of settings on communication prefs screen (2118e53), closes #3061
settings: clean up compressed landscape layout (aa585af)
signup: show red border only after tooltip rendered (ef08d86), closes #1865
styles: make setting header UI better (b907fdc), closes #3055

Features

build: Object literals must be sorted alphabetically. (8067c62)
client: Add View behavior functions instead of passing around objects. (4af0916)
client: Add support for new fennec screens. (8698f01)
client: Add the beginning states of capabilities. (ec9ddab)
client: Choose what to sync on the web (9beaaad)
client: Follow on /settings updates. (20faf0e)
client: Start on view behaviors. (ba0b7bc)
i18n: Enable Romanian (05abfd1), closes #3125
metrics: Add a loaded event that is logged after first screen render. (404bc9b), closes #3100
signup: add new checkbox style (5633045), closes #2302
test: Add more /force_auth functional tests. (3afdc32)

Refactor

basket: extricate basket proxy server into its own repo. (2b53107)
client: Start email confirmation polling in afterVisible. (a37eb6f)

0.46.0 (2015-09-23)

Bug Fixes

client: Only one sessionStatus check call should be made from /settings (51bc0c5), closes #3007
client: Reuse assertions for a given sessionToken for the duration of the browser tab. (2bf08ab), closes #3085
client: Smooth out the /settings page load. (207dfd6)
styles: adjust line-height for settings (0d4af0b), closes #3052
tests: Fx updates, improve progress output (fbeba0f)
tests: on first time, run the update (a7769bc)
tests: only update lastupdate file on success (b7b0921)

Features

openid: base OpenID login (as xhr) (25bba0f)

Refactor

client: Alphabetize deps and hash keys in metrics.js (4756620)
client: Alphabetize deps, routes and object keys in router.js (092f37b)
client: Rename the FxDesktopRelier to the SyncRelier (2e11bf0)
client: Tease appart the FxSync and FxDesktopV1 auth brokers. (cc963ab)
server: Alphabetize the FRONTEND_ROUTES array. (0474246)
test: Alphabetize the routes to test in the pages functional test. (719c67c)

0.45.1 (2015-09-17)

Bug Fixes

force_auth: make sure force_auth supports the Firefox password manager (01bcd8e), closes #3049
style: Fix the signin/signup width on mobile devices. (39e2ada), closes #3060
tests: Fix the cookies disabled functional tests. (002b899), closes #3066

0.45.0 (2015-09-11)

Bug Fixes

avatar: correctly center camera preview (ae9ee07)
avatars: render the camera preview properly in portrait and landscape mode (d33e369)
build: adjust eslint settings (ff1fd47)
client: Allow the firstrun flow to halt after signin. (9686548), closes #2945
client: Clear form prefill info after signin/signup/signout. (91f0608), closes #3034
experiments: include confirm view verification (d976d3c)
l10n: remove const keyword that breaks acorn JS parser (32afb92), closes #3005
lint: disallow const keyword (0b88aca)
metrics: prevent utm parameters from being dropped after verification (edde78a), closes #2937
styles: adjust specific signup input help styles (47ad129)
tests: add proper promise return to firstrun (1882757)
tests: adjust experiment return signup url (354f88a), closes #3047
tests: update iOS signup tests to refelect new exclude_signup=1 behaviour (79c2de4), closes #3030
tests: update travis to firefox 40 (0f0f955)
version: use explicit path with git-config (cec9e9f)

Features

delete_account: notify observers of a logout event (d74c972), closes #2993
l10n: add fa as a supported locale. (7690dcd)
metrics: Send navigationTiming stats to StatsD. (0842fa4)
metrics: add ga pageviews (b7830c8), closes #2898
settings: "forgot password" affordance to change password (936c64b), closes #994
verification: organize verification experiments (07a6b6d), closes #2673

Refactor

client: Add BaseExperiment.extend to simplify experiment extension. (24cf4b8)
client: Cleanup and unification. (b563c3e)
client: Move back button related code from base.js to back-mixin.js (230510d)
client: Only allow exclude_signup=1 if the context=fx_ios_v1 (9d9d560)
client: Pass a NullStorage instance to experiments for unit tests. (aacffd2)
experiments: add docs, change to view.notify, fix up tests (e0d1b2f)

0.44.1 (2015-08-25)

Bug Fixes

account: handle unverified attempts to request profile data (ba49d4b)
avatars: allow users to change their avatar if they have/had one (4efe6fd)
avatars: use an error object instead of string to ensure it is not logged twice (487abc5)
client: Handle the entryPoint query parameter. (67b54fc), closes #2885
client: Only make profile requests if a valid accessToken exists. (f73ccde)
deps: update dev dependencies (e6ee68f)
deps: update grunt-contrib-uglify to 0.9.2 (7caf769)
deps: update to express-able 0.4.4 (0a22e00)
easteregg: update easter egg SHA (9a9f7e3)
firstrun: increase response timeout for iframing (89d8d08)
forms: disable spellcheck (cc03c33), closes #2910
forms: remove spellcheck from reset_password (bfe7b0d)
input: remove autocapitalize on iOS (2ef1174)
metrics: Provide more detailed logging for errors fetching /config (e149da2)
metrics: measure how helpful mailcheck is (ff13860), closes #2819
metrics: move screen metrics to ga from datadog (8c2731f), closes #2614
profile: avoid creating new instances of account (981660c)
profile: do not request an access token when saving an account (59efae0)
reset: improve the reset password caveat copy (0d32d07), closes #2762
sentry: remove noise from referer header in sentry (d6ad1cf)
server: add server route for /unexpected_error (c1342ef)
settings: always show avatars and fix modal cancel buttons (a1422a9)
settings: clean up amd dependencies (a885945)
settings: escape display name (0f21cdc)
settings: fix avatar modal (c2a8c6b)
settings: fix gravatar permission screen within modal (a1ad7cb)
settings: fix lint errors and mocha failures (46d49a0)
settings: fix page titles and other nits (36b3302)
settings: fix short page styling (cd19bb0), closes #2862
settings: move sub panel logic from settings to a separate subPanel component (a5a56e8)
settings: prevent flicker when leaving settings page (55f8936)
settings: refactor sub panel template so that it is not empty (0d484e3)
src: Fix a typo: UNVERIFIED=>UNVERIFIED_ACCOUNT (b40b735)
strings: change "Already have an account?" to "Have an account?" (2d28f3e), closes #2753
tests: Fix the failing avatar functional tests. (fb59c19), closes #2987
tests: Speed up the iframe origin tests. (e908d70), closes #2986
tests: do not compare flushTime property in storage-metrics tests (72cf1bc), closes #2984
tests: fix gravatar permission tests (56d9e1c)
tests: fix typo in tests (aa496ed)
tests: fix up flaky test for desktop credentials (c078458)
tests: remove misguided time-based assertion (2782f0a)
tests: restore functional tests (72d4969)
tests: switch from teardown and setup to improve stability (6a33723)
travis: install auth, oauth and profile servers for travis (26e768e)
user: cache the signed in account instance to reduce token fetching (8737367)
view: log errors in extended views initialize() (b08b5ac), closes #2964

Features

client: Cache busting on-demand load. (88c8f32)
client: Start on the FxFennecV1AuthenticationBroker (3095f21)
coppa: input based COPPA (64bfe86), closes #2108
deps: update production dependencies (ecbf309)
docs: Document email validation errors for signin/signup. (da90143), closes #2909
l10n: add en-GB as a supported locale. (bacd99e), closes #2942
metrics: add queue time to analytics (d62891d), closes #2903
sentry: include version in Sentry reports (a53db95), closes #2724
signup: Password Strength Checker (166b5e1)

0.44.0 (2015-08-24)

Bug Fixes

account: handle unverified attempts to request profile data (ba49d4b)
avatars: use an error object instead of string to ensure it is not logged twice (487abc5)
client: Handle the entryPoint query parameter. (67b54fc), closes #2885
client: Only make profile requests if a valid accessToken exists. (f73ccde)
deps: update dev dependencies (e6ee68f)
deps: update grunt-contrib-uglify to 0.9.2 (7caf769)
deps: update to express-able 0.4.4 (0a22e00)
easteregg: update easter egg SHA (9a9f7e3)
firstrun: increase response timeout for iframing (89d8d08)
forms: disable spellcheck (cc03c33), closes #2910
forms: remove spellcheck from reset_password (bfe7b0d)
input: remove autocapitalize on iOS (2ef1174)
metrics: Provide more detailed logging for errors fetching /config (e149da2)
metrics: measure how helpful mailcheck is (ff13860), closes #2819
metrics: move screen metrics to ga from datadog (8c2731f), closes #2614
profile: avoid creating new instances of account (981660c)
profile: do not request an access token when saving an account (59efae0)
reset: improve the reset password caveat copy (0d32d07), closes #2762
sentry: remove noise from referer header in sentry (d6ad1cf)
server: add server route for /unexpected_error (c1342ef)
src: Fix a typo: UNVERIFIED=>UNVERIFIED_ACCOUNT (b40b735)
strings: change "Already have an account?" to "Have an account?" (2d28f3e), closes #2753
tests: Fix the failing avatar functional tests. (fb59c19), closes #2987
tests: Speed up the iframe origin tests. (e908d70), closes #2986
tests: do not compare flushTime property in storage-metrics tests (72cf1bc), closes #2984
tests: fix gravatar permission tests (56d9e1c)
tests: fix typo in tests (aa496ed)
tests: fix up flaky test for desktop credentials (c078458)
tests: remove misguided time-based assertion (2782f0a)
tests: restore functional tests (72d4969)
tests: switch from teardown and setup to improve stability (6a33723)
user: cache the signed in account instance to reduce token fetching (8737367)
view: log errors in extended views initialize() (b08b5ac), closes #2964

Features

client: Cache busting on-demand load. (88c8f32)
client: Start on the FxFennecV1AuthenticationBroker (3095f21)
coppa: input based COPPA (64bfe86), closes #2108
deps: update production dependencies (ecbf309)
docs: Document email validation errors for signin/signup. (da90143), closes #2909
l10n: add en-GB as a supported locale. (bacd99e), closes #2942
metrics: add queue time to analytics (d62891d), closes #2903
sentry: include version in Sentry reports (a53db95), closes #2724
signup: Password Strength Checker (166b5e1)

0.43.0 (2015-08-04)

chore

chore(client): Add the Sync migration strings to strings.js (ac20b86)
chore(deps): Bump out of date deps. (d0b8915), closes #2784
chore(deps): update development dependencies (bf9f563)
chore(deps): update grunt-eslint to 16.0.0 (677a4c0)
chore(dev): add 'npm run start-production' command to make it easier to run the server in prod mode (679eeaf)
chore(docs): Fix a typo in the firstrun docs. (15f26ac)
chore(docs): Update the commit body guidelines to include the issue number (fcf4058)
chore(l10n): update pot files (164b9e7)
chore(lint): Remove the eslint complexity checks (3592d79)
chore(sass): update sass (cf5dadf)
chore(strings): add choose what to sync strings (73194ed)
chore(travis): remove libgmp-dev (492fd94)
chore(travis): update Travis to use npm 2 (7d6ac7d)

feat

feat(client): Add the FxiOSV1 Authentication Broker. (5cff1f4), closes #2860
feat(client): Provide fx_ios_v1 context string for use by FxiOS (2767a26), closes #2861
feat(client): redirect to the requested page after successful login (ccfbef4), closes #2821
feat(client): sign in/up messaging for migrating users (88a56ac)
feat(content-server): Easter egg for Cloud Services (70e1998), closes #2470
feat(deps): updating production dependencies (26c26f1)
feat(docs): Add info about the firstrun communication protocol. (6e18531)
feat(l10n): Add support for Hindi (hi) and Hindi-India (hi-IN). (c45edce)
feat(l10n): check if translated urls are valid (5d378e1), closes #2763
feat(test): Add signin functional tests for Fx on iOS. (bf4fadf)
Merge pull request #2686 from mozilla/convert-iframe-channel (9ec6b18)
Merge pull request #2737 from mozilla/phil/issue-2493 (6601361), closes #2493
Merge pull request #2781 from TDA/issue-2470-easter-egg-redesigned (131171c)
Merge pull request #2803 from mozilla/document-firstrun-protocol (456449e)
Merge pull request #2804 from mozilla/firstrun-docs-typo (bd43972)
Merge pull request #2805 from vladikoff/issue-2763-verify-translated-urls (dff66fa)
Merge pull request #2806 from mozilla/bump-eslint (34c6e30)
Merge pull request #2807 from vladikoff/update-deps-t43 (c7c4a18)
Merge pull request #2808 from vladikoff/prod-start (d679f9a)
Merge pull request #2809 from vladikoff/devdeps-t43 (94d56d7)
Merge pull request #2812 from mozilla/ios-metrics-missing (48dee30)
Merge pull request #2813 from mozilla/phil/issue-2493-postponed-navigation (8de80bf)
Merge pull request #2814 from mozilla/issue-2784-outdated-deps (8eda711)
Merge pull request #2816 from mozilla/issues-2513-2623-normalize-auth-errors (c144c51)
Merge pull request #2822 from eoger/issue-2821 (dcab648)
Merge pull request #2823 from mozilla/phil/issue-2786 (ee4443f)
Merge pull request #2826 from mozilla/issue-2789-de-eslint-complexity (b8db477)
Merge pull request #2833 from mozilla/issue-2830-correct-oauth-errors (d60dd9d)
Merge pull request #2839 from mozilla/add-hindi-support (0ccfb8d)
Merge pull request #2840 from eoger/issue-2837 (b98e8f3)
Merge pull request #2841 from mozilla/update-sass (e976839)
Merge pull request #2845 from mozilla/issue-2844-merge-warning-firstrun (0efbe4e)
Merge pull request #2846 from vladikoff/npm2 (4ed0589)
Merge pull request #2847 from eoger/contributing-body-fixes (640f6ac)
Merge pull request #2851 from mozilla/issue-2850-invalid-client-id (3bb62ae)
Merge pull request #2853 from mozilla/issue-2658-firstrun-signout (4b6ab6a)
Merge pull request #2854 from mozilla/remove-libgmp-dev (93f3641)
Merge pull request #2857 from mozilla/issue-2856-metrics-screen-name-order (73d8587)
Merge pull request #2859 from mozilla/issue-2858-one-mailcheckEnabled-choice (74160d5)
Merge pull request #2863 from mozilla/issue-2786-strings (d3eace6)
Merge pull request #2865 from mozilla/rfk/fx-ios-v1-context (c39d365)
Merge pull request #2866 from mozilla/constant-names (5cf3012)
Merge pull request #2868 from mozilla/issue-2860-no-signup-fx-ios (719b2ae)
Merge pull request #2869 from mozilla/choose-sync-strings (40783dc)
Merge pull request #2871 from mozilla/rfk/basket-api-timeout (42b73e2)
Merge pull request #2875 from vladikoff/i2495 (b4dc552)
Merge pull request #2876 from vladikoff/migrate-test-fix (66dcd79)
Merge pull request #2878 from vladikoff/exp43 (9b6beda)

fix

fix(avatar): cropper resize tests are more accurate (8c7f362)
fix(avatars): fixes blank avatars when session is expired (3d0e7eb), closes #2495
fix(basket): add explicit timeout when proxying to basket api. (7fde0f5)
fix(client): Do not allow firstrun Sync based flows to sign out. (a28fce6), closes #2658
fix(client): Fix incorrect OAuth errors in error table. (78ba49e), closes #2830
fix(client): Fix merge warning handling in the firstrun flow. (4914b73), closes #2844
fix(client): Invalid client id's show a 400 page, not 500. (cd898f5), closes #2850
fix(client): Normalize all errors from the Auth Server. (3a45d1a), closes #2513 #2623
fix(experiments): add train-43 experiments (9fa1fd4)
fix(metrics): Ensure a screen's name is logged before any of it's events. (25971d1), closes #2856
fix(metrics): Only check whether mailcheck is enabled once. (6de03f1), closes #2858
fix(metrics): minimize flush timeout and flush event metrics on blur event (5b22cb3), closes #2577
fix(metrics): postpone OAuth navigation until metrics are flushed (503e670)
fix(metrics): use sendBeacon where available (d45586e)
fix(tests): better migration message functional tests (ecb28ea)
fix(tests): use "afterEach" instead of "teardown" for sync settings tests (f49cafb)

refactor

refactor(client): Rename FX_DESKTOP_CONTEXT to FX_DESKTOP_V1_CONTEXT (146dd54)
refactor(client): Rename FX_DESKTOP_SYNC to SYNC_SERVICE. (5dc8b7a)
refactor(client): Simplify the app-start error reporting/redirection. (918ff9c)
refactor(client): The IframeChannel is now DuplexChannel based. (aa15de2)

0.42.0 (2015-07-21)

Bug Fixes

able: update shrinkwrap (d8fa3019)
avatars:
- resize avatars before cropping them (decc26c8)
- error message does not overlap with the default avatar anymore (5f5284f7)
- ensure uploaded avatars dimensions are 100x100px at least (43580105)
- replace the word Home by Back (c8b9bb10)
client:
- Hide the border around the marketing snippet for the firstrun flow. (a84e2546)
- Ensure COPPA errors are logged. (628b62c8)
- Handle 4xx and 5xx Basket errors. (bc862acb)
- Ensure the password manager has an email to work with. (ff38e16a)
- Firstrun flow should not halt the screens after login. (a178fa0b)
config:
- add production experiments config file (8c87743d)
- use dev branch of experiments (0f3bdbc2)
cookies: redirect to /cookies_disabled if storage is disabled (a24931f2, closes #2480)
forms: fixes regression with the floating placeholder (d9853f00, closes #2739)
log: log errors with no message (37af6e2a)
metrics: include coppa errors in metrics (3b5841a5, closes #2512)
oauth: handle short-lived access tokens for profile server requests (b372c806)
server:
- remove 'Fxa requires JavaScript' message in ie8/9 Add conditional comment to not (158c041b, closes #2279)
- let server task fail if port is in use (fb175809)
signin: Hide the Unauthorized avatar error (bc17e796)
styles: Hide the service name in the firstrun flow. (4d98dd1a)
sync: do not send sessionTokenContext to Firefox Sync (5b29830b, closes #2766)
tests:
- show the firefox --version in test logs (f1c60a29)
- only log "waiting" if too many attempts (427ef395)
- set metrics.sample_rate based on FxaDevBox too (8b7d469e)
- allow override of expected value from remote server (3e734189)
- add fxaDevBox config param (6688dd73)
- only update Fx binaries if they are stale (989243e5)
- add a test runner for intern_server tests (1e551e37)

Features

avatars: enable the gravatar option with permission prompt (c2b5d96c, closes #2053)
client:
- Send a signup_must_verify event to the firstrun page on signup. (da411363)
- update to fxa-js-client 0.1.30 (d81207c5)
- firstrun - notify the parent of important events. (aade4c77)
- Pass Google Analytics query params to metrics. (b0f273a2)
- Preserve uniqueUserId across email verifiation. (84063546)
- campaign and entrypoint are sent to metrics on verification. (2c354ae0)
- Add support for context=fx_desktop_v2 (8830562a)
metrics:
- add server google analytics events (c549edfb)
- Report all metrics to our backend. (bf71368e)
- add timing metrics to the statsd collector (90c95c7f)

0.41.1 (2015-07-08)

Bug Fixes

templates: fixes issues with 50*.html templates in production mode (09e95013, closes #2663)

0.41.0 (2015-07-08)

Bug Fixes

avatars: Fix float imprecision errors when saving cropped image (b241c698)
client: Mozilla Payments flow is not considered an iframe. (82c1981d)
content-server: open TOS/PP in new tab if inside an iframe Check for presence of link inside ifr (a556142e, closes #2351)
icons: add a precomposed icon for apple devices to avoid extra 404 requests (df4dccd7, closes #2655)
lint: Fix the eslint camelcase errors. (b352476a)
marketing: add a bit of top margin to the opt in (042c210f)
styles: Fix the header spacing for the firstrun flow. (b855a72b)
tests:
- check that content in all expected languages is available (89591f00)
- adjust code to support IE10 (a1c7c203, closes #2378)

Features

avatars: add metrics for avatar cropping operations (79c05c97)
metrics: add Sentry metrics for front-end errors (9c11f69a)
oauth: allow access_type query parameter (ebcc10d4)
signup: adds mailcheck + ab testing (1553651d)

Breaking Changes

Developer's local.json needs to be updated to remove the api_proxy configuration parameter. (d69a64b1)

0.40.0 (2015-06-29)

Bug Fixes

avatars: rounded camera cropper in google chrome (5c4a1264)
basket: add a bit more logging to basket-proxy-server (2de3d6aa)
build: revert use script and force it to use function mode (faa0a02d)
client:
- Supress the malformed WebChannelMessageToContent log for errors (531a2259)
- Fix the submit button on communcation preferences page. (fa0df9c7)
lint: remove "use strict" from server code (745e569b, closes #2558)
server: inconsistent use of 'use strict' (38ab1c05, closes #1318)
tests:
- restore first tests to run are signin and signup (c3d474a1)
- use the regularly updated firefox binaries (8bb8e3b4)
- fix Basket functional tests (6adf3c0d)
- add a run script for beta on latest (bcb0e699)

Features

client:
- Notify IFRAME reliers when the content height changes. (c698324b)
- Add Easter Egg to Content Server (0a5ea8ed)
metrics: add uuid for metrics and able purposes (89ac7a58)
server: Support /v1/reset_password (043f6221)
style: The chromeless style hides the header. (7b12bbf6)

0.39.0 (2015-06-09)

Bug Fixes

avatars:
- allow users to change their avatar if they have/had one (e6a9cd0d)
- disable the gravatar option on avatar change (153f3d4c)
basket:
- only destroy the token if we successfully acquired one (de4c26c7)
- URI-encode email address in basket server urls. (a43061d3)
basket-proxy: tighten up param checking and logging (fa5aa01d)
client: Continue email verification flow on Basket server error. (919e64db)
docs: add verification_redirect to query params (5dff0821, closes #2438)
form: fixes form autofill for Firefox and paste for iOS (9b062568)
metrics: measure when users add or modify their profile picture. (e5b35659, closes #2294)
npm: move request to production dependency (dcd6a50c)
oauth: sanitize scope of untrusted reliers (f80a57fb)
test: Fix refreshes_metrics functional test on Firefox 18 (52c88e54)
tests:
- more improvements to avatar tests to avoid remote timeouts (c7a44841)
- improve legal copy tests and update avatar tests (11104f77)
- skip functional/email_opt_in test if fxaProduction=true (c7fbe52c)
- wait for ".error" to be visible; fixes #2475 (8ab41765)

Features

Email opt-in. (8c4246ec)
build: Compress the HTML files (39667b9a)
server: add basket proxy server (4cbfed3d)
tests: Add metrics in functional tests (18658991)

0.38.1 (2015-05-28)

Bug Fixes

oauth: sanitize scope of untrusted reliers (619b3429)
tests: wait for ".error" to be visible; fixes #2475 (436a47c7)

0.38.0 (2015-05-26)

Bug Fixes

avatars:
- Redirect to settings/avatar/change on error (6b6a5f77)
- cache the profile image after fetching (30601d4f, closes #2429)
client: Invalid scopes is an error message. (3f42a328)
docs:
- add <screen_name>.refresh metrics event (d30a95b2)
- add confirm resend metrics event (492f8bbf)
- fix metrics documentation headers (dc24d386)
metrics:
- set metrics to 1 in local dev (5599e91d)
- metrics for signout. (455da813, closes #2295)
oauth:
- strip permissions that are not on the whitelist (a6a22c0a)
- update verification_redirect to always redirect in same browser or show "proceed (3be6da92, closes #2436, #2402)
tests:
- improve progress indicator coverage (51cb1058, closes #2465)
- remove Test lib from verification_redirect (a38d8082)
- update travis to firefox 38 (35d0027f)
- Update the submit button selector for the permissions screen tests. (e67cbc30)

Features

/ can be framed by allowed reliers. (aedfae9e)
client: Pass along a service and reason whenever signing a user in. (32812392)
lib: storage lib is now able to use sessionStorage (33c53def)
metrics: measure page reloads by user (29ede010)
oauth: signal action=signup or action=signin at end of oauth flow. (9016164b)

0.37.1 (2015-05-14)

Bug Fixes

metrics: track account deleted events (2c296a44, closes #2297)
oauth: serviceUri is not used for now so remove it (b361aba3)
tests: increase timeout for password reset tests (10a3fc6c)

0.37.0 (2015-05-13)

Bug Fixes

client:
- Ensure ask-password metrics are only logged once. (bc336543)
- getUserMedia check for avatar change. (0a0405bd)
oauth:
- bring back oauth session clearing to WebChannels (7487fe65)
- Ensure we can derive relier keys during the signup flow. (fd2fc72d)
signup: make email suggestion tooltip keyboard accessible (6d40efbb, closes #2185)
tests:
- Fix the oauth permissions tests. (2b479e1e)
- more timeout and fix element .end() for OAuth tests (6296db62)
- add untrusted app to TeamCity configs (33a97662)
- stabilize tos and pp functional tests (50994dc6)

Features

client:
- Sync over WebChannel glue (92b118c9)
- Add a DuplexChannel, convert the WebChannel to a duplex channel. (9b1ebb1e)
metrics:
- Log metrics about whether we ask for a password at signin: (838c365e)
- adds DataDog integration (d10b0de0)
oauth:
- 'verification_redirect' option for OAuth reliers (a5fdaee9)
- show permission screen for untrusted reliers (123821de)
- suggest account to use during sign up if possible (7fc06358)
test: Print unit test names when they fail in travis. (08932c5a)

0.36.3 (2015-05-01)

Bug Fixes

tests: stabilize tos and pp functional tests (d14d608a)

0.36.2 (2015-04-30)

Features

oauth: suggest account to use during sign up if possible (186b2d74)

0.36.1 (2015-04-29)

Bug Fixes

client: If a relier wants keys, give them keys. (519ca117)

0.36.0 (2015-04-27)

Bug Fixes

csp: use only the origin part of fxaccount_url (with /v1 is a csp violation) (db55881b)
css: Show links in TOS/PP text next to the original anchor text. (5fcb9664)
icons: fixes 404s for iOS icons (e488c8af, closes #2062)
l10n:
- missing legal template redirect should start with "/" (0498008a)
- copy es-ES legal templates to es (76d895a1, closes #2305)
styles: Hide the top-right Mozilla link if signing into Sync on Fx for iOS (a536e557)
test: make asyncTimeout settable from the intern command line (77ddde9b)

Features

client: Add the change_password and delete_account messages to the FxDesktop broker. (56306f10)
test: Add env-test.js unit tests. (207a84ce)

0.35.0 (2015-04-13)

Bug Fixes

auth-broker: fixes fx-desktop channel tests for FF18 and FxOS 1.* (2cadc2bd)
avatars: show a default avatar if a uploaded avatar does not load (cbdc5a11, closes #1804)
client: Replace the ﬁ with fi (no ligature). (43a402ef)
csp:
- use camelCase option keys instead of e.g., "img-src" (730939aa)
- improve content-security-policy configuration (bad1e80d)
jscs: allow the 'other' quote mark to be used, but only to avoid having to escape (b4fc1fda)
server:
- Serve HTML templates for TOS/PP if Accept header is not text/partial (3207c1d8)
- migrate to Express 4 (bc008ce4, closes #2214)
settings: allow settings page redirect to work with extra query params (4f8d64c0, closes #2301)
teamcity: replace execSync with sync-exec module (57cf75a1)
test: add missing "/v1" on FXA_AUTH_ROOT (09b8ca91)
tests:
- tasks for running latest-beta and latest-esr builds in stage (1c84e7f8)
- create a task to ensure latest release, beta and esr builds are available (bceb2e22)

Features

client: Add "Chromeless" styling - remove all the extra stuff. (b17dc56b)
docs: Add documentation about the accepted query parameters. (295fc00e)

0.34.0 (2015-03-31)

Bug Fixes

client:
- Only send postMessages to and from the expected parent when using the iframe. (0a453d1c)
- Channel timeouts are informative, they no longer throw errors. (0b7770c1)
- Extract the COPPA datepicker logic into its own module. (a368072d)
l10n: sv is no longer maintained, copy strings from sv-SE (7d28bfcd, closes #1773)
server: Translate static pages (in dev mode too!). (28e5759d)
test: Fix the account locked tests when run against latest. (45073cf6)

Features

client: Add the account locked flows. (8e405298)
settings: redirect to avatar change page when query param setting=avatar (344f9c70, closes #2249)

0.33.0 (2015-03-16)

Bug Fixes

client:
- Use standard error formats for expired and damaged verification links. (86384b2f)
- Opt in to the iframe broker. (09b9bac2)
- Ensure console errors are displayed in Firefox on catastrophic startup error. (47a8c299)
docs:
- Update docs for the new iframe message format. (20121dc7)
- Correct the documentation of the afterResetPasswordConfirmationPoll function. (033ad26e)
tests: Start the auth-db server for travis. (8f21f017)

Features

channels: broadcast messages across across all channels (dfacd358, closes #2095)
docs: Document the email suggestion events. (29b0fadb)

0.32.0 (2015-03-03)

Bug Fixes

avatars:
- show error if avatar removal fails (9dcd9b65)
- fix avatar image uploads (1e6ecd8a)
- prevent flicker when loading avatars on settings pages (c3be4f45, closes #2105)
build: simple default grunt command (9f101ee1)
client:
- Simplify the message serialization for the iframe channel. (1af5009d)
- Add "successfully" to most success messages. (ec4b4fcc)
errors: reverts the "Invalid verification code" string back to normal. r=vladikoff (14cbf41d)
l10n: join server templates so email strings are not overwritten (b0898f76)
pages: 502 pages should be allowed to be iframed (00e69196, closes #2056)
router:
- make sure loaded message is still sent after a view render error (79c93978)
- anchor event handler should handle event bubbling (cd4a64ca)
server: Ensure templates render text in dev mode. (b7c5eb0a)

Features

docker: Dockerfile and README update for basic docker development workflow (4b244644)
docs: Document the iframe protocol. (02e0fc49)
login: indicate whether the account is verified in the fx-desktop channel (6c5c0c42, closes #2094)
oauth: Expose relier-specific encryption keys to OAuth WebChannel reliers. (a0318c28, closes #2088)
signup: suggest proper email spelling (a825a83f, closes #871)
tests: Boost the test coverage of router.js (0e7d06e6)

0.31.0 (2015-02-17)

Bug Fixes

client: Redirect to /settings for direct access users who verify signup or password re (31e4b2c6)
metrics: track window.onerror (4f9bd296)

Features

metrics: Log more screen info (85a05e41)

0.30.0 (2015-02-02)

Bug Fixes

avatars: fixes Firefox 18 dataType json request (005c9f5d, closes #1930)
l10n: use en as the default language instead of en-US (8f599d54, closes #2072)
xhr: send correct JSON content-type and accept headers to api servers (8dc69d0b)

Features

avatars: set the account by uid when visiting avatar pages (d9f5649e, closes #1974, #1876)
client: Add a loaded message for the fx-desktop and iframe brokers. (c9ca23e8)
l10n: add az locale to list (0acd097e, closes #1774)
metrics:
- Add signup.customizeSync.(true|false) metrics. (919f9281)
- Log whether the user changes the password visibility. (13b2b835)

0.29.0 (2015-01-20)

Bug Fixes

avatars: make avatar navigation l10n friendly (014b4ec5, closes #1729)
client:
- Do not display errors after window.beforeunload is triggerred. (2e080e81)
- Disable the sign up confirmation poll for Sync. (e6421a71)
- Only request keys from the server for Sync users. (283b41b4)
iframe: fixes styling issues caused by the iframe environment #2 (9347d818, closes #2010)
logging: switch to mozlog (a346b9d1, closes #1994)
signin: better reject with errors (2e6c3bbd, closes #2031)
tests:
- fail when not enough coverage, add more oauth-errors coverage (87be18f7)
- better functional tests for age dropdowns (01c70f95)

Features

Check for required OAuth parameters on startup. (52f65f78)
client:
- force_auth action for oauth! (82a6c0be)
- Give the relier the ability to overrule cached credentials. (74cb38e1)
docs: Start on an architecture doc (4a3c0540)
error-pages: add a static 502.html error page for nginx to route to (fe343454)

0.28.0 (2015-01-05)

Bug Fixes

account: filter account.toJSON (6044aa6d)
build: generate sourcemaps (fdcf92fd, closes #258)
client:
- We broke password managers with autocomplete=off on password fields! (7df783f2)
- OAuth/redirect users who paste the verification link into the original tab shoul (86b1c5cb)
- Allow Fx18 to use the iframe flow. (c2020f85)
docs: update AUTHORS list (09aec587, closes #1981)
iframe: fixes styling issues caused by the iframe environment (740006de, closes #2010)
metrics: Convert all _ in screen names to -. (726d9017)
server: Allow the 500 and 503 pages to be iframed. (b25faa2c)
signin:
- set the current account after logging in with cached sync account (9732f05f)
- pass account data to broker instead of using currentUser (aeb4aa15, closes #1973)
styles: make sure normalize.css is used in production (28ff205e, closes #1997)
sync: correct a typo that voided the customize sync option (8f78e1d6)
tests: fix up select dropdown (995a8a5a)

Features

client: An Fx Sync relier can specify customizeSync=true to force the Customize Sync c (a4a26f91)
metrics: Report distinct metrics codes for missing and invalid emails (71489471)

0.27.0 (2014-12-08)

Bug Fixes

client:
- WebChannel/Hello screen and event fixes. (e67d2158)
- Ensure the web-channel flows match expected behavior. (0cbcf9a6)
- Show the back button for reset_password, even if an email is on the URL query st (9e293664)
- Go to the /cookies_disabled screen instead of the /500 screen if cookies are dis (e9433b7a)
confirm: redirect to signup on bounced email error (bb3c8d8c, closes #1902)
docs: add Bower usage to CONTRIBUTING (dc9db2d7)
l10n: use a less spammy email headline (f2efc82b, closes #1849)
metrics: Show the correct screen name in the iframe flow metrics. (44c630b5)
signup: block signup attempts with @firefox.com emails. (b41389fc, closes #1859)
style: marketing snippet offset (ddbacce7)
styles: no more underscored classes (46e0cc0e)
test:
- allow custom Firefox binary locations for tests (4338d193)
- check that signin is complete before proceeding (ad07160d)
- No longer redirect on the web channel tests. (21863591)
- Fix the 'Unexpected error' flash in the sign_in tests. (58780398)
- Remove the inter-test dependencies in the reset-password tests. (1a198fdd)
tests:
- add iframe app to latest tester (d5216304, closes #1959)
- update sauce tests to firefox 33 (d5884034)
- fix avatar crop transition. (89b8225c, closes #1836)

Features

client:
- Add the iframe flow. (8561ec3c)
- Allow TLD only domain names in email addresses (e3487a04)
metrics:
- Add the campaign metric. (21e18a96)
- Add the isMigration field to the reported metrics. (d9f7ddd1)
test: Add more functional tests! (a43d65f9)

0.26.2 (2014-11-20)

Bug Fixes

client: Go to the /cookies_disabled screen instead of the /500 screen if cookies are dis (d12d6ec8)

0.26.1 (2014-11-17)

Bug Fixes

l10n: update the header font mixin name for locales that use system fonts (60d05bb9)

0.26.0 (2014-11-14)

Bug Fixes

accounts: only fetch access token if verified (d3168850)
avatars:
- ensure the default image background is covered by the profile image (387e3246)
- load profile image on settings and sign in pages if available (382c9db9, closes #1727)
broker: fix desktop broker to forward account data before confirm (0492140e)
client:
- Fixed missing spinner on subsequent requests. (910ff4dd)
- Notify Sync of unverified logins and signups before the user verifies her email (8943f1f7)
- The Sync flow should not notify the browser of login after the signup confirmati (3ba53720)
- Autofocus on /signup works again. (7f142421)
- The FxDesktop broker no longer sends the session_status message on startup. (8f414c4a)
- Ensure the spinner stays spinning after signin for Sync/OAuth. (5c74b8a2)
- Do not fail on startup if cookies or access to dom.storage is disabled. (e084cba7)
- Ensure the Loop initiated reset password verification flow sends OAuth credentia (a91e27b5)
images: optimize images with new optipng (780ff760)
style:
- remove end padding from text inputs (07dacd9d)
- tos/pn layout overlap (53d8a7b3)
styles:
- spinning wheel affects button height (3d536417)
- show password border radius (20270acd)
- odd wrapping on choose account and reset pwd links on sign in in some l10ns (f454d9d3)
test: Ensure the web channel tests complete. (46b578d6)

Features

client:
- Allow the user to restart the signup flow on email bounce. (896d1f47)
- Add some brokers! (83ee1861)
test: Add functional test for web channel flow when user signs up, closes original tab (c2b51b9d)

0.25.0 (2014-10-29)

Bug Fixes

chrome: fix a "read-only" strict mode error in Chrome (c15de01b)
client:
- Fix CORS requests not being decoded for Fx<21 (a92ab607)
- COPPA - make learn more link target _blank only on sync (ae06e403)
- Allow leading/trailing whitespace on email addresses. (2385500d)
coppa: better align error message in pop up (7bc43ca4)
oauth:
- fixes WebChannel double submit during password reset (c4ad6289)
- validate that redirect param exists. (a8c63fd0, closes #1786)
test: fixes setTimeout tests in FF18 (ab270636)

Features

metrics: Add three new auth-errors (ca2e1c46)

0.24.0 (2014-10-20)

Bug Fixes

client:
- Change the "Next" button to say "Sign up" (08a008c0)
- Add a "forgot password?" link when using cached credentials. (99754f76)
oauth: use the correct client_id for local oauth server (8e1c288c)
signin: choosing to use a different account clears cached credentials (4919e1d1, closes #1721)
styles: Ensure the year of birth select box uses Clear Sans. (4f796b29)
test: Fix test-latest functional tests. (37696cb0)
tests: remove about:prefs tests from full testing (cccdeb09)
trusted-ui-style: make layout shorter (02c7d7fb)

Features

client: Create and send a resume token to the OAuth server. (8dd01b07)
metrics: Add metrics for signup, preverified signup, signin, hide the resend button. (76ecb248)
test: Add more functional tests sign up/reset password flows. (483ba166)

0.23.0 (2014-10-07)

Bug Fixes

appStart: show an error screen when errors occur during app start (e457eae4)
avatars: redirect unverified users to confirm screen (d440e4d7, closes #1662)
fxa-client: update to latest client (fdb6dbbb)
style: ensure legal pages are no taller than /signup (1698922b)
tests:
- run tos and pp test for saving information separately - fixes #1640 (d2f52126)
- Only set the autofocus timeout if the element to be focused is hidden. (ce2ce9d0)

Features

client:
- Smooth out the verification flow. (02b0d351)
- Fix the COPPA flow to allow 13 year olds that are born this year to register. (61ec08bd)

0.22.0 (2014-09-22)

Bug Fixes

avatars:
- show a spinner icon when loading images with latency (ae1e17f1, closes #1527)
- set the correct OAuth client ID for fxa-dev environment (f6374760, closes #1683)
- integrate profile server backend for profile images (66ebc83a)
- disable remote URL option (17e76acd)
client:
- autofocus the password field on /oauth/signin if the user already has a session. (c4228b2f)
- Auto-focus the password field on the /delete_account page. (31fc11d2)
errors: use the correct context for error messages (a3c4f2a2, closes #1660)
oauth: increase the assertion lifetime to avoid clock skew issues (132bbf57)
test: Fix and enable the oauth-preverified-sign-up functional test. (7cade58a)
tests:
- Fix some places that race with an XHR response return (f49e3de6)
- Fix the oauth_webchannel tests when run by themselves. (f19d2d58)

Features

metrics: Log entrypoint to the metrics. (9ecf71bb)
test: Add the ability to run npm run-script test-functional-oauth from the command l (6ca4fe4d)

0.21.0 (2014-09-08)

Bug Fixes

avatars: allow mobile browsers to reposition the image during crop (74202ea1)
hsts: force hsts headers and use milliseconds (138756b1)
signin: cache credentials for desktop sign-ins, otherwise only cache email (33675ae8, closes #1621)
styles: Un-nesting some CSS to fix /signin links (1878d120)

Features

client: Add support for preVerfiyToken. (d30dd6d3)
signin: Add cached signin (7780e49a)

0.20.0 (2014-08-25)

Bug Fixes

build:
- Remove imagemin for dependencies (bddf83fe)
- Wait for config to load. Move draggable into a require.js packge. (b2a0be17)
l10n: remove the en i18n symlink (9c2e5ba0)
teats: Use execute to clear browser state (f56aa45e)
tests:
- Avatar functional test updates (ceb5561d)
- Update service-mixin tests. (37d6c371, closes #1400)
travis: Run functional tests first, move sleep. (23f124cc)

Features

oauth: Support for URN redirects (dc2cefd6)

0.19.0 (2014-08-11)

Bug Fixes

avatars:
- add profile server client to proxy remote images (899f1895)
- clean up numerous issues from comments in #1405 (916044d6)
bug:
- IE9: browser unsupported message is very wide (488f5108)
- fixed snippet layout error (0e3dcd9e)
client:
- Show the /force_auth error message on startup, if one exists. (e61bf17e)
- Remove the survey material all together, it's not being used. (04249936)
- If logError/displayError/displayErrorUnsafe is called without an error, log an ` (d3bf9552)
- Display Service Unavailable if the user visits /oauth/sign(in|up) and the OA (fe599744)
- Ensure a down OAuth server does not cause an undefined error. (7224d952)
csp:
- allow image sources from gravatar (cfd7ce84)
- allow data uris for images (9a880661)
deps: update express and request dependencies to patched versions (5e990731)
fxa-client: remove lang from fxa-client requests (93c3384d, closes #1404)
l10n:
- ensure that supported languages are a subset of the default supported languages (d0d14176)
- add hsb and dsb to default supported languag list for asset generation (c726205d)
legal:
- show home button on legal pages when loaded directly (8bf43a37)
- fix layout of statically rendered legal pages (f59d82b1)
logger: fix for express logger api change (dfa60957)
metrics: Log a screen once, childviews should not cause the parent to be lgoged. (5964e0ba)
router: show error screen when view rendering fails (49eb7063)
sync: show Sync brand name when signin up/in for Sync (c15a2761, closes #1339)
test: Ensure requirejs configuration is loaded before any other scripts. (10eddcb4)
tos-pp: rely on accept headers instead of naviagor.language for partial requests (fdceab5a, closes #1412)

Features

metrics: Add screen width and height to the metrics. (0f5f3513)
oauth:
- Add WebChannel support (97b714b6)
- message to native flows (00c1c0f7)
settings: profile images (fe0b8770)

0.18.0 (2014-07-28)

Bug Fixes

bug:
- IE9: browser unsupported message is very wide (488f5108)
- fixed snippet layout error (0e3dcd9e)
client:
- If logError/displayError/displayErrorUnsafe is called without an error, log an ` (d3bf9552)
- Display Service Unavailable if the user visits /oauth/sign(in|up) and the OA (fe599744)
- Ensure a down OAuth server does not cause an undefined error. (7224d952)
fxa-client: remove lang from fxa-client requests (93c3384d, closes #1404)
l10n: add hsb and dsb to default supported languag list for asset generation (c726205d)
legal: fix layout of statically rendered legal pages (f59d82b1)
metrics: Log a screen once, childviews should not cause the parent to be lgoged. (5964e0ba)
router: show error screen when view rendering fails (49eb7063)
sync: show Sync brand name when signin up/in for Sync (c15a2761, closes #1339)
tos-pp: rely on accept headers instead of naviagor.language for partial requests (fdceab5a, closes #1412)

Features

metrics: Add screen width and height to the metrics. (0f5f3513)
settings: profile images (fe0b8770)

0.17.0 (2014-07-14)

Bug Fixes

fonts: Update connect-fonts-firasans and grunt-connect-fonts. (e5a2fdcd)
l10n: use correct locale if specified in url for legal pages (02c287cb, closes #1337)
legal: fix rendering of legal pages when loaded directly via url (70b17b37, closes #1372)
styles: sassify border radii (10f53c09)
tests: Make IE10/IE11 pass all the mocha tests. (074c7246)

Features

metrics: Log which marketing material is shown to a user. (afa111ac)
server: Add a forwarding proxy for IE8. (50060ce3)

0.16.0 (2014-06-30)

Bug Fixes

client:
- Firefox for Android Sync marketing material is only available to desktop sync us (c5e62fa6)
- Only send a link_expired event if the password reset link is expired. (38310417)
- Fix the IE8 password toggle test for real this time. (8cdecd14)
- Check the user's old password before attempting a change password. (b78bfaa5)
- Remove the ability for IE8 and IE10+ to show the password field. (b257333f)
- Abort autofocus events if no element exists with the autofocus attribute. (07a12642)
- Throw an exception if invokeHandler is passed an invalid handler. (0f58af47)
- Remove keyboard accessibility for the show/hide button. (09fc7a96)
- Replace calls to [].indexOf with _.indexOf for IE8 support. (b5430e1b)
csp: turn on report only mode until CSP issues are resolved (e39e4128)
css: Remove the blue background on select element focus in IE10+ (b8300f9f)
desktop: keep desktop context after password change (df187b8d, closes #812)
ie8: use a standard font so the password field renders correctly (48c7e807, closes #1266)
l10n:
- disable fira sans for unsupported locales (46dedd04)
- build json locale bundles on server start (1ba744c3, closes #1295)
- upgrade jsxgettext to handle nested handlebar clocks (229303ac, closes #1306)
oauth:
- ensure oauth forms are enabled if valid on afterRender (f46e435c)
- only show service name if it is defined (dc5775ee, closes #1216)
- keep the oauth context after a page refresh (a548e575)
server: Add a 'connect-src' directive to allow contact with the auth-server and oauth-se (28d9a90d)
strings: fix reset password link error messages (cf525dcf)
test:
- fix functional test remote for slow connections (8f0d0025)
- Remove cache busting URLs in dev mode. (ffc0de84)
tests: Fix throttled test.. (6e3430f3, closes #1144)

Features

client:
- Add email prefill on the /signin page if the email address is passed as a sear (f7049063)
- Add email prefil on the /signup page if an email is passed as a URL search par (af7ad386)
- add expired verification link message and a email resend link (12b1fe71)
server: Add x-content-type-options: nosniff headers to prevent browser content type sn (3bdc2584)

0.15.0 (2014-06-16)

Bug Fixes

client:
- Convert all inline error strings to use an error object. (73231273)
- Fix disabled cookies screen not showing correctly. (6442364e)
config: don't alter process.env.CONFIG_FILES from the config script (11653d4c)
csp: update p-promise library to version that is CSP compatible (a82e51f3)
form: a regression was hiding sign up/in suggestions (6466370d)
forms: labels should not shift unless values change (2811d0a9, closes #1008)
style: make tooltips work for the select list hack (30d91076)
test: Run Mocha tests in order (8d0d58a3)
tests: update legal and tos tests to work under slow conditions (17006989)

Features

ux: show messaging when response takes longer than expected (e4d13330)

0.14.0 (2014-06-02)

Bug Fixes

bug: modify select css to remediate bug 1017864 (c15d8f47)
build:
- Exclude testing tools from production build (84658550)
- Downgrade imagemin (e04c9e9a)
config:
- Add oauth_url to awsbox (3e2c5576)
- set default oauth url to dev deployment (63237fe7)
logs: Set metrics sample_date to 0 (037c0da4)
oauth: Adding functional oauth tests and fixing oauth bugs (8e941318)
server: Remove X-FRAME-OPTIONS for Legal and Terms (9eff994f)
test:
- Update oauth client name, jshint (566355fb)
- Force focus in Mocha tests. (23bead9a)
- Removed 'npm run test-browser'. Combined into 'npm test' (38cb00b2)
tests:
- Exclude functional tests from Travis (e84daa75)
- fix hanging email issues (04b186ea)
views: strip spaces in uid, token, code when pasted (1d1919ac)

Features

Add front end metrics gathering. (084fce06)
server: serve directly over https (1216ab0d)

0.13.0 (2014-05-19)

Bug Fixes

build:
- Remove Sync browser pages from distribution build (50ddf022)
- Exclude env-test.js from the copyright check, it has its own from the Modernizr (7ae249dd)
- Fix IE 404s when requesting .eot fonts in prod. (ef28093f)
client:
- update js-client so xhr works in IE (15a75cee)
- Fix form validation on browsers that do not have HTML5 form field validation. (aa8992eb)
- Disable IE9 support until we get IE9's CORS situation situated. (717fbcf2)
- Fix the styling on outdated browsers. (9b1ef4ef)
- update js-client to 0.1.19 for request timeouts (48d6a637)
- Fix email field focus in Chrome. No more exceptions. (d1ed5334)
- Prefill the user's email on /signin if the user clicks the "sign in" link from " (efaa0ab8)
- Fix the "Sign in" link on /confirm_reset_password if the user is in the force (9fbe392f)
- No longer automatically sign in existing users on signup. (ae625d93)
email:
- generated templates should escape email and link variables (7bf2b225)
- don't escape template strings with smart quotes (886ef989)
emails: no need to HTML escape text based emails (fdecafb2)
marketing: add breakpoints for marketing snippet (cf9c7698)
server: Fix IE9 not showing any content. (cca162d0)
test: Fix the reset password related tests that were broken by the new form prefill fe (686533f6)
tests:
- Fixed a regex typo in the reset password tests (c28bdfc5)
- Fix Safari focus issues. (ef7f760e, closes #1049)
- Add a missing semicolon. (85a795e6)
- Fix the jshint errors and warnings in all of the tests. (ad82aac6)
ui: word-break long email addresses (1d1efbbf)

0.12.0 (2014-05-05)

Bug Fixes

build: Use the custom version of Modernizr in prod, not the full version. (7c31d07a)
client:
- Do not show Fx for Android marketing material if completing sign up on B2G or Fe (23a08b4a)
- Gracefully handle server errors when fetching translations. (24d95825)
l10n: normalize locale when fetching client.json (7a3ce02c, closes #1024)
server: Ensure the browsehappy text is translated (ae1cc9e9)

0.11.2 (2014-04-29)

Bug Fixes

email: Pass {{link}} url into outlook-specific markup in email templates. (ec231c25)

0.11.1 (2014-04-28)

Bug Fixes

client: Gracefully handle server errors when fetching translations. (768b5926)
l10n: revert untranslated strings (faf5651e)

0.11.0 (2014-04-21)

Bug Fixes

client:
- Replaced cookie checks with localStorage checks as a work around for 3rd party c (4442d1ab)
- Correctly handle the THROTTLED error from fxa-client.js->signUp (5ebe34c2)
- Fix disappearing error messages when toggling password visibility. (5c71c26f)
emails: make emails responsive + work with outlook (f2af56c0)
i18n: Ensure i18n works in Chrome. (a5fa583a)
l10n:
- config should return the language not locale (3d90a4b7)
- ensure the default locale is listed as supported (07a07a6c)
server:
- add cache-control header for /config (21f992f9)
- Add maxAge cache control for static assets (581531e6)
templates: make firefox logo visible on templates and add mozilla logo (9b9a5039)

0.10.2 (2014-04-18)

Bug Fixes

tests: fix privacy heading ID (4fd3139e)

0.10.1 (2014-04-18)

Bug Fixes

client: Replaced cookie checks with localStorage checks as a work around for 3rd party c (c75bf680)

0.10.0 (2014-04-14)

Bug Fixes

build: Fix the typo when copying fonts. (cec3e6eb)
client: Enable back button functionality when visiting /. (35ba88e2)
server: Ensure fonts have cacheable URLs. (c66e6ef1)

Features

client: updating js client to 0.1.18 (db4764e3)

0.9.0 (2014-04-07)

Bug Fixes

client:
- Redirect to start page if resend email token is invalid. (28217658)
- Use sentance casing on placeholder text. (4d4142f9)
- transition from password reset confirmation to signin once reset is complete (23311db0)
- All error strings should have a Capitalized first letter. (a1a74b18)
- Ensure auth-server errors are displayed on confirm pages. (ba156c2b)
tests:
- Ensure all tests pass. (a6d0c31c)
- Use assert(false, <message>) instead of assert.fail(<message>). (e541e3fb)
- Fix test failures by reducing shared global state. (f6948cd4)
- Update unit and functional tests to handle throttled password reset email reques (190ba0b5)

0.8.0 (2014-03-31)

Bug Fixes

build:
- Use lowercase extensions on output files in marked. (bff7ad71)
- Normalize TOS/PP filenames to use the _ separator. (19095a44)
client:
- Ensure the client specifies a language when requesting TOS/PP templates. (eef61de4)
- remove retry functionality over desktop channel (e722a204)
- automatically add version to auth-server url if missing (79237efb)
- Enabled autocomplete='off' for all password input boxes. (51d77028)
server: Redirect with locale name that abide understands. (b430cd7c)
signup: choose what to sync checkbox should persist on the signup page (0570ccdb)
styles:
- kill webkit default inset shadow (bbf6f856)
- user older standard for bg-pos to work with ios7 (0c2b7e73)
tests:
- Fix the failing fxaClient->signIn test. (3e484316)
- Ensure a real locale is used for TOS/PP template requests. (1825b321)

Features

Translated TOS/PP text! (26f680b3)
client:
- Add support for "can_link_account" Desktop Channel message. (fecbe20d)
- updating js client to 0.1.17 (11e8f398)

0.0.7 (2014-03-24)

Bug Fixes

client:
- Session values only last as long as the browsing session now by default. (d22e5680)
- put a fixed limit on email resend api calls (1b3c8b37)
fxa-client: trim leading/trailing whitespace from user's email (2b5bf630)
l10n: normalize locale name when generating json strings (fb1cedff)
style:
- fix android chrome select box (9b889146)
- removes flicker from post email verification screen (185d0e80)

0.0.6 (2014-03-17)

Bug Fixes

awsbox: fix awsbox authserver config (f0134f15)
build: Use fxa-content Sauce Labs account (4f383524)
channel:
- call 'done' callback in Session.send if given (f92a6deb)
- Make sure the web channel invokes the 'done' callback in Channel.send if it's gi (b8435bf9)
client:
- Hide sign out from users who signed in from Firefox desktop. (5d8699de)
- Re-enable "delete account" in settings. (9d6cf483)
- Use /settings as the landing page when logging in to the accounts portal. (9dba7e5a)
constants: Added a constant for the Fx Desktop context (582b86e4)
l10n:
- fix configuration typo causing default language to be undefined (4cb85819)
- find best locale when region not available (bb67db05)
- fix string copy task (8f0b338a)
- fetch strings from the l10n repo and fix supported languages config (dfaa76d7)
routes: allow direct loading of delete_account page (e4defe45)
styles:
- issue 678 (12f43c94)
- Removing explicit Show button width (7d925a30)
templates: Remove ip address restriction on email templates (edd4c0a9)
view: update delete account view and associated template (76635cc8)

Features

client: Don't show 'settings' when context=desktop and user is verified (768cd7f7)
session: Make the Session aware of the 'context' (3d7f1b6a)

0.0.5 (2014-03-10)

Bug Fixes

client:
- signOut is always a success, even if it is a failure. (7adb896a, closes #616)
- Show "Service unavailable" error message if auth server is unavailable or return (6c0dc629, closes #601)
l10n: add missing debug locale to local config (15e0403e)
router:
- handle an extra slash when loading the index (bf1a5e24)
- allow optional trailing slash on routes - fixes #641 (0c28907c)
server:
- run_locally.js - just pipe the child streams to stdout/stderr (0a80fbad)
- add timestamps to log lines - fixes GH-662 (32f64b30)
- Use correct production path for config/version.json (5211df72, closes #530)
tests: Update to handle unverified users re-signing up. (32175d6e, closes #666)

Features

client: Password reset email prefill & /force_auth simplification. (8259981a, closes #549, #637)

0.0.2 (2014-03-03)

Bug Fixes

keyframe animations should go to 360 degrees, not 365 (065ab83c)
remove grunt-contrib-connect dependency. (77d91393)
show the focus ring on anchors (f4694627)
interpolate error string variables with data from backend. (93c672c5)
awsbox: fix awsbox configuration (2560de4d)
build:
- Use static version numbers for bower deps (1f07875d)
- Update lockdown.json with new dependencies (6192bcc8)
client:
- validate emails against IETF rfc5321 (d7d3a0ba, closes #563)
- Add /signin_complete endpoint. (083d7734, closes #546)
l10n: use underscores instead of dashes in locale directory names; enable all locales (5fc24fc3)
styles:
- Fiding duplicated selector in main.scss (c23f9f9e)
- Removing unneeded vendor prefixes (f7e5373c)

Features

Add a styled 404 page, rendered on the back end. (cc2a024b)
build:
- Adding npm-lockdown (d60699d7)
- Add a grunt version task to stamp a new version. (aaa6e9d8, closes #496)
client: update document title on screen transition. (8973b1a3, closes #531)

Breaking Changes

The production configuration script must add a new option to its config :

   page_template_subdirectory: 'dist'

issue #554

. (cc2a024b)

mozilla / fxa-content-server Archived

fxa-content-server/CHANGELOG.md

0.75.1 (2016-11-29)

Bug Fixes

0.75.0 (2016-11-28)

Bug Fixes

chore

Features

Refactor

0.74.0 (2016-11-14)

Bug Fixes

chore

Features

Refactor

0.73.1 (2016-11-02)

Bug Fixes

chore

0.73.0 (2016-11-01)

Bug Fixes

chore

Features

Refactor

0.72.1 (2016-10-20)

Bug Fixes

0.72.0 (2016-10-19)

Bug Fixes

Features

Refactor

0.71.0 (2016-10-06)

Bug Fixes

chore

Features

Refactor

0.70.0 (2016-09-20)

Bug Fixes

chore

Features

Refactor

0.69.0 (2016-09-07)

Bug Fixes

chore

Features

Refactor

0.68.1 (2016-08-24)

Bug Fixes

Refactor

0.68.0 (2016-08-23)

Bug Fixes

chore

Features

Refactor

0.67.0 (2016-08-09)

Bug Fixes

chore

Features

0.66.0 (2016-07-26)

Bug Fixes

chore

Features

Refactor

0.65.0 (2016-07-12)

Bug Fixes

chore

Features

Refactor

style

0.64.0 (2016-06-22)

Bug Fixes

chore

Features

Refactor

style

0.63.0 (2016-06-01)

Bug Fixes

chore

Features

Refactor

0.62.0 (2016-05-18)

Bug Fixes

chore