I'm moving this bug to CPI, because it returns a 401 when we perform the
HEAD request to fetch the X-Click-Token for downloading the package.
This is because an older version of the package in question was side-
loaded onto the phone, but the app was not purchased for the account
being used. Instead of a 401 (since the URL was signed with a valid
token), it would be better if the server returned a 404 perhaps, so that
the update would just be skipped. This would prevent the client from
thinking the credentials are invalid (because 401 or 403 implies the
authorization is not valid), and avoid causing the token to be deleted
on the phone.
** Package changed: ubuntuone-credentials (Ubuntu) => ubuntu
** Changed in: ubuntu
Importance: Medium => High
** Changed in: ubuntu
Status: In Progress => Confirmed
** Changed in: ubuntu
Assignee: Rodney Dawes (dobey) => (unassigned)
** Package changed: ubuntu => click-package-index
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1516917
Title:
Update of unpurchased and sideloaded apps causes U1 account
invalidation
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1516917/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
