You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Minh Hoang TO (JIRA)" <ji...@apache.org> on 2012/09/14 06:38:07 UTC
[jira] [Created] (SHINDIG-1870) Cross-site issue as http scheme is
hardcoded in some URI template in container.js
Minh Hoang TO created SHINDIG-1870:
--------------------------------------
Summary: Cross-site issue as http scheme is hardcoded in some URI template in container.js
Key: SHINDIG-1870
URL: https://issues.apache.org/jira/browse/SHINDIG-1870
Project: Shindig
Issue Type: Bug
Reporter: Minh Hoang TO
Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SHINDIG-1870) Cross-site issue as http scheme
is hardcoded in some URI template in container.js
Posted by "Minh Hoang TO (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13456741#comment-13456741 ]
Minh Hoang TO commented on SHINDIG-1870:
----------------------------------------
We got trouble with OpenSocial API as the URL of AjaxRequest is built with following templates
"opensocial" : {
// Path to fetch opensocial data from
// Must be on the same domain as the gadget rendering server
"path" : "http://%host%/social/rpc",
By removing the 'http' scheme, our cross-site issue is fixed but we are not sure if such change could lead to any side effect
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHINDIG-1870) Cross-site issue as http scheme is
hardcoded in some URI template in container.js
Posted by "Minh Hoang TO (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Minh Hoang TO updated SHINDIG-1870:
-----------------------------------
Description:
Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
Detail info:
We have one portal application configured to access via 'https', the embedded shindig server using default container.js (with 'http' in some URL templates) runs on the same host. As our gadgets (ones using OpenSocial API) fetch metadata via Ajax request, the cross-site issue appears
was:
Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
> Detail info:
> We have one portal application configured to access via 'https', the embedded shindig server using default container.js (with 'http' in some URL templates) runs on the same host. As our gadgets (ones using OpenSocial API) fetch metadata via Ajax request, the cross-site issue appears
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SHINDIG-1870) Cross-site issue as http scheme
is hardcoded in some URI template in container.js
Posted by "Minh Hoang TO (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13456736#comment-13456736 ]
Minh Hoang TO commented on SHINDIG-1870:
----------------------------------------
We got trouble with below templates
"gadgets.jsUriTemplate" : "http://%host%/eXoGadgetServer/gadgets/js/%js%"
"urlTemplate" : "http://%host%/eXoGadgetServer/gadgets/home?{var}"
As we removed the 'http' scheme, our problem was fixed visibly. However, we are not sure if such removal could cause any side effect.
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHINDIG-1870) Cross-site issue as http scheme is
hardcoded in some URI template in container.js
Posted by "Minh Hoang TO (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Minh Hoang TO updated SHINDIG-1870:
-----------------------------------
Comment: was deleted
(was: We got trouble with below templates
"gadgets.jsUriTemplate" : "http://%host%/eXoGadgetServer/gadgets/js/%js%"
"urlTemplate" : "http://%host%/eXoGadgetServer/gadgets/home?{var}"
As we removed the 'http' scheme, our problem was fixed visibly. However, we are not sure if such removal could cause any side effect.)
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SHINDIG-1870) Cross-site issue as http scheme
is hardcoded in some URI template in container.js
Posted by "Ryan Baxter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13456151#comment-13456151 ]
Ryan Baxter commented on SHINDIG-1870:
--------------------------------------
Can you specify which templates you are having trouble with?
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SHINDIG-1870) Cross-site issue as http scheme
is hardcoded in some URI template in container.js
Posted by "Ryan Baxter (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457277#comment-13457277 ]
Ryan Baxter commented on SHINDIG-1870:
--------------------------------------
Do you have a patch you could contribute for your change?
> Cross-site issue as http scheme is hardcoded in some URI template in container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'. That leads to cross-site problem as we have Apache Http (configured to use with https) in front of Tomcat + Shindig
> Detail info:
> We have one portal application configured to access via 'https', the embedded shindig server using default container.js (with 'http' in some URL templates) runs on the same host. As our gadgets (ones using OpenSocial API) fetch metadata via Ajax request, the cross-site issue appears
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira