New Persona URLs and IP addresses: possible impact on CSP and firewalls
francois at mozilla.com
Thu Jul 12 19:41:16 PDT 2012
We have rolled out our rebrand of BrowserID to Persona. As part of this
change, the URLs and IP addresses have changed. Most sites will not be
impacted by this since redirects from the old URLs to the new ones will
remain in place for the foreseeable future.
Content Security Policy
However, you need to update your CSP headers if you are using
Content-Security-Policy. The instructions available at
are still valid, but you now have to include both https://browserid.org
and https://login.persona.org in your headers.
Once you have replaced all references to
https://login.persona.org/include.js in your application code, you will
be able to drop https://browserid.org from your CSP headers.
Similarly, once you start verifying assertions using
https://verifier.login.persona.org/verify (instead of
https://browserid.org/verify), you will need to change your firewall
rules if you are restricting outgoing HTTPS connections.
The verifier is now available at 220.127.116.11 and
As always, you can get in touch with us on IRC (#identity on
irc.mozilla.org) or on our mailing list
(https://lists.mozilla.org/listinfo/dev-identity) if you run into any
- The Persona team
More information about the Persona-notices