You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Ryan Baxter (JIRA)" <ji...@apache.org> on 2013/01/19 16:00:15 UTC
[jira] [Resolved] (SHINDIG-1837) Allow containers to exclude JSONP
access
[ https://issues.apache.org/jira/browse/SHINDIG-1837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Baxter resolved SHINDIG-1837.
----------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.5.0-beta3)
2.5.0-beta6
Committed revision 1435567
> Allow containers to exclude JSONP access
> ----------------------------------------
>
> Key: SHINDIG-1837
> URL: https://issues.apache.org/jira/browse/SHINDIG-1837
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0-beta3
> Reporter: Marshall Shi
> Fix For: 2.5.0, 2.5.0-beta6
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> Shindig code base supports a 'callback' query parameter on a number of entry points (RPC Servlet entry, DataServiceServlet and JsonRpcServlet) and thereby provides JSONP support. However, Shindig has no place that uses this support.
> ALL containers based off of Shindig are now forced to protect themselves against inappropriate JSONP usage (security issue).
> Why would Shindig ship unused functionality that FORCES all containers to do extra work?
> The proposed improvement is to extract a setting so application can disable JSONP feature. In the longer term, we can deprecate this feature and remove it if no one is depending on this feature.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira