You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Ryan Baxter (JIRA)" <ji...@apache.org> on 2012/05/30 14:46:27 UTC
[jira] [Updated] (SHINDIG-1557) jsonrcptransport.js is using the
container security token instead of the gadget security token
[ https://issues.apache.org/jira/browse/SHINDIG-1557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Baxter updated SHINDIG-1557:
---------------------------------
Fix Version/s: 2.5.0-beta2
> jsonrcptransport.js is using the container security token instead of the gadget security token
> ----------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1557
> URL: https://issues.apache.org/jira/browse/SHINDIG-1557
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 2.5.0-beta1
> Reporter: Doug Davies
> Assignee: Stanton Sievers
> Fix For: 2.5.0-beta2
>
>
> When a gadget makes an rpc request (using common container) the security token returned to the gadget via the st param is not the one being used for the rpc request. It is using the one generated in the container. This is probably because the rpc call ends up happening in the context of the container and shindig.auth.getSecurityToken returns that one. Calls to userprefs and appdata need the gadget security token so the is has the appid and appurl to use as db indexes. Just having the viewer and owner that is inherited from the container is not enough.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira