You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Tran The Trong (JIRA)" <ji...@apache.org> on 2013/01/28 05:57:13 UTC
[jira] [Commented] (SHINDIG-1870) Cross-site issue as http scheme
is hardcoded in some URI template in container.js
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13564044#comment-13564044 ]
Tran The Trong commented on SHINDIG-1870:
-----------------------------------------
I'm concerning that why we have to hardcode the "http://" protocol in the path related configuration of gadget features ? Is there any reason we would know about ?
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
> Attachments: patch
>
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
> Detail info:
> We have one portal application configured to access via 'https', the embedded shindig server using default container.js (with 'http' in some URL templates) runs on the same host. As our gadgets (ones using OpenSocial API) fetch metadata via Ajax request, the cross-site issue appears
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira