You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shindig.apache.org by "Ryan Baxter (JIRA)" <ji...@apache.org> on 2013/01/19 16:00:15 UTC

[jira] [Resolved] (SHINDIG-1837) Allow containers to exclude JSONP access

     [ https://issues.apache.org/jira/browse/SHINDIG-1837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ryan Baxter resolved SHINDIG-1837.
----------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 2.5.0-beta3)
                   2.5.0-beta6

Committed revision 1435567
                
> Allow containers to exclude JSONP access
> ----------------------------------------
>
>                 Key: SHINDIG-1837
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1837
>             Project: Shindig
>          Issue Type: Improvement
>          Components: Java
>    Affects Versions: 2.5.0-beta3
>            Reporter: Marshall Shi
>             Fix For: 2.5.0, 2.5.0-beta6
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Shindig code base supports a 'callback' query parameter on a number of entry points (RPC Servlet entry, DataServiceServlet and JsonRpcServlet) and thereby provides JSONP support. However, Shindig has no place that uses this support.
> ALL containers based off of Shindig are now forced to protect themselves against inappropriate JSONP usage (security issue).
> Why would Shindig ship unused functionality that FORCES all containers to do extra work? 
> The proposed improvement is to extract a setting so application can disable JSONP feature. In the longer term, we can deprecate this feature and remove it if no one is depending on this feature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira