You probably even want each gadget iframe to be rendered on a different
subdomain or else they'll be able to influence each other through the DOM.
Anyway, I ended up doing the metadata call on the server side and passing
only the result to the client JS, which seems to work fine.

On Tue, Aug 17, 2010 at 1:17 PM, Bastian Hofmann
<bashofm...@googlemail.com> wrote:

> If shindig and your container are on the same domain all gadgets have
> full access to your container javascript, can manipulate the dom of
> your page and access your user's cookies.
>
> See http://en.wikipedia.org/wiki/Same_origin_policy
>
> 2010/8/17 Pablo Graña <pablo.gr...@globant.com>:
> > I apologize for my ignorance, but I can't figure out why it is a security
> > risk.
> >
> > On Tue, Aug 17, 2010 at 7:16 AM, Tim Wintle <tim.win...@teamrubber.com>
> > wrote:
> >
> >> On Wed, 2010-08-11 at 13:01 -0400, Gregg Horan wrote:
> >> > I've been successful using apache in front and doing rewrites on /
> >> > gadgets, /social, etc.
> >>
> >> I may be misunderstanding, but you don't really want to be hosting your
> >> site on the same (domain, port) as shindig for security reasons.
> >>
> >>
> >>
> >
> >
> > --
> > Pablo Graña
> > Chief Architect
> > Globant
> > Arg Office: +54 (11) 4109 1743
> > UK  Office: +44 (20) 7043 8269 int 8043
> > US  Office: +1 (212) 400 7686 int 8043
> >
>
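
The isolation concern raised in this thread can be checked mechanically. The following is an added example, not code from any message above or from Shindig: it compares the origin (scheme, host, port) of a container page with the origins of its gadget render URLs and reports any that collide. The function names and all hostnames are assumptions constructed for illustration.

```javascript
// Added example: audit a container/gadget URL layout for same-origin collisions.
// All URLs used with these functions are constructed sample values.

// Origin as the same-origin policy sees it: scheme + host + port.
// URL.origin lowercases the host and drops default ports, so
// "http://WWW.example.com:80" and "http://www.example.com" compare equal.
function originOf(url) {
  return new URL(url).origin;
}

// Returns one finding per collision:
//  - "shares-container-origin": the gadget iframe can script the container page
//  - "shares-gadget-origin": two gadget iframes can reach each other's DOM
function auditOrigins(containerUrl, gadgetUrls) {
  const containerOrigin = originOf(containerUrl);
  const firstSeen = new Map(); // origin -> first gadget URL rendered there
  const findings = [];

  for (const gadgetUrl of gadgetUrls) {
    const origin = originOf(gadgetUrl);
    if (origin === containerOrigin) {
      findings.push({ type: "shares-container-origin", gadgetUrl, origin });
    }
    if (firstSeen.has(origin)) {
      findings.push({
        type: "shares-gadget-origin",
        gadgetUrl,
        sharedWith: firstSeen.get(origin),
        origin,
      });
    } else {
      firstSeen.set(origin, gadgetUrl);
    }
  }
  return findings;
}

// Constructed layout: gadgets proxied under the container's own host via rewrites.
const proxiedLayout = auditOrigins("http://www.example.com/", [
  "http://WWW.example.com:80/gadgets/ifr?url=a.xml",
  "http://www.example.com/gadgets/ifr?url=b.xml",
]);
console.log(proxiedLayout);
```

A different port alone is enough to produce a different origin, which is why the check compares the full origin rather than just the hostname.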
