If shindig and your container are on the same domain all gadgets have full access to your container javascript, can manipulate the dom of your page and access your user's cookies.
See http://en.wikipedia.org/wiki/Same_origin_policy 2010/8/17 Pablo Graña <pablo.gr...@globant.com>: > I apologize for my ignorance, but I can't figure out why is it a security > risk. > > On Tue, Aug 17, 2010 at 7:16 AM, Tim Wintle <tim.win...@teamrubber.com>wrote: > >> On Wed, 2010-08-11 at 13:01 -0400, Gregg Horan wrote: >> > I've been successful using apache in front and doing rewrites on / >> > gadgets, /social, etc. >> >> I may be misunderstanding, but you don't really want to be hosting your >> site on the same (domain, port) as shindig for security reasons. >> >> >> > > > -- > Pablo Gra\~na > Chief Architect > Globant > Arg Office: +54 (11) 4109 1743 > UK Office: +44 (20) 7043 8269 int 8043 > US Office: +1 (212) 400 7686 int 8043 >
