You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Stanton Sievers (JIRA)" <ji...@apache.org> on 2012/05/08 21:31:50 UTC
[jira] [Resolved] (SHINDIG-1768) Add shindig security token to
makeRequest header
[ https://issues.apache.org/jira/browse/SHINDIG-1768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stanton Sievers resolved SHINDIG-1768.
--------------------------------------
Resolution: Fixed
Committed revision 1335707.
> Add shindig security token to makeRequest header
> ------------------------------------------------
>
> Key: SHINDIG-1768
> URL: https://issues.apache.org/jira/browse/SHINDIG-1768
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0
> Reporter: Brian Lillie
> Fix For: 2.5.0
>
> Attachments: mr_3.patch
>
>
> Following on in the same vein as SHINDIG-1756, we want to better identify the source of the requests coming into the server via makeRequest. If the request authz is not none, then the security token flows. if the authz is NONE, the security token is not sent. This change would be to include the security token on every request. Since including the token on the URL parameter would break the ability to cache, the security token will instead be added as a header named X-Shindig-ST on all requests. On the shindig server side, the header will be processed if there is not already a token supplied as a url parameter or oauth related parameter.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira