You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Stanton Sievers (JIRA)" <ji...@apache.org> on 2012/06/26 00:04:42 UTC
[jira] [Created] (SHINDIG-1812) X-Shindig-St behaves differently
when the security token is null between Firefox and WebKit browsers
Stanton Sievers created SHINDIG-1812:
----------------------------------------
Summary: X-Shindig-St behaves differently when the security token is null between Firefox and WebKit browsers
Key: SHINDIG-1812
URL: https://issues.apache.org/jira/browse/SHINDIG-1812
Project: Shindig
Issue Type: Bug
Components: Javascript
Affects Versions: 2.5.0-beta1
Reporter: Stanton Sievers
Assignee: Stanton Sievers
Fix For: 2.5.0
>From Doug Davies:
Here's what I think it going on.
In io.js this code
var opt_headers = {
'X-Shindig-ST' : shindig.auth.getSecurityToken()
};
behaves differently. Even though I see both browsers set it as follows:
{"X-Shindig-ST":null}
later on in UrlParameterAuthenticationHandler it's set to the STRING "null"
(not the value null) for webkit browsers.
// no token yet, see if it was attached as a header
if (StringUtils.isEmpty(token)) {
String t = request.getHeader( "X-Shindig-ST" );
if (StringUtils.isNotBlank(t)) {
token = t;
}
}
This blows up during decryption:
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHINDIG-1812) X-Shindig-St behaves differently
when the security token is null between Firefox and WebKit browsers
Posted by "Stanton Sievers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stanton Sievers updated SHINDIG-1812:
-------------------------------------
Attachment: SHINDIG-1812.patch
> X-Shindig-St behaves differently when the security token is null between Firefox and WebKit browsers
> ----------------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1812
> URL: https://issues.apache.org/jira/browse/SHINDIG-1812
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 2.5.0-beta2
> Reporter: Stanton Sievers
> Assignee: Stanton Sievers
> Fix For: 2.5.0-beta3
>
> Attachments: SHINDIG-1812.patch
>
>
> From Doug Davies:
> Here's what I think it going on.
> In io.js this code
> var opt_headers = {
> 'X-Shindig-ST' : shindig.auth.getSecurityToken()
> };
> behaves differently. Even though I see both browsers set it as follows:
> {"X-Shindig-ST":null}
> later on in UrlParameterAuthenticationHandler it's set to the STRING "null"
> (not the value null) for webkit browsers.
> // no token yet, see if it was attached as a header
> if (StringUtils.isEmpty(token)) {
> String t = request.getHeader( "X-Shindig-ST" );
> if (StringUtils.isNotBlank(t)) {
> token = t;
> }
> }
> This blows up during decryption:
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHINDIG-1812) X-Shindig-St behaves differently
when the security token is null between Firefox and WebKit browsers
Posted by "Ryan Baxter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Baxter updated SHINDIG-1812:
---------------------------------
Affects Version/s: (was: 2.5.0-beta1)
2.5.0-beta2
Fix Version/s: (was: 2.5.0)
2.5.0-beta3
> X-Shindig-St behaves differently when the security token is null between Firefox and WebKit browsers
> ----------------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1812
> URL: https://issues.apache.org/jira/browse/SHINDIG-1812
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 2.5.0-beta2
> Reporter: Stanton Sievers
> Assignee: Stanton Sievers
> Fix For: 2.5.0-beta3
>
>
> From Doug Davies:
> Here's what I think it going on.
> In io.js this code
> var opt_headers = {
> 'X-Shindig-ST' : shindig.auth.getSecurityToken()
> };
> behaves differently. Even though I see both browsers set it as follows:
> {"X-Shindig-ST":null}
> later on in UrlParameterAuthenticationHandler it's set to the STRING "null"
> (not the value null) for webkit browsers.
> // no token yet, see if it was attached as a header
> if (StringUtils.isEmpty(token)) {
> String t = request.getHeader( "X-Shindig-ST" );
> if (StringUtils.isNotBlank(t)) {
> token = t;
> }
> }
> This blows up during decryption:
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira