Re: Review Request: allow container to exclude JSONP access

Mon, 08 Oct 2012 21:29:44 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/6652/
-----------------------------------------------------------

(Updated Oct. 9, 2012, 4:29 a.m.)


Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich 
Thompson.


Changes
-------

Call for comments.


Description
-------

Shindig code base supports a 'callback' query parameter on a number of entry 
points (RPC Servlet entry, DataServiceServlet and JsonRpcServlet) and thereby 
provides JSONP support. However, Shindig has no place that uses this support.

ALL containers based off of Shindig are now forced to protect themselves 
against inappropriate JSONP usage (security issue).

Why would Shindig ship unused functionality that FORCES all containers to do 
extra work?

The proposed improvement is to extract a setting so application can disable 
JSONP feature. In the longer term, we can deprecate this feature and remove it 
if no one is  depending on this feature.


This addresses bug shindig-1837.
    https://issues.apache.org/jira/browse/shindig-1837


Diffs
-----

  
http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/samples/src/test/java/org/apache/shindig/social/opensocial/jpa/spi/integration/JpaRestfulTestConfigHelper.java
 1373213 
  
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
 1373213 

Diff: https://reviews.apache.org/r/6652/diff/


Testing
-------

Done


Thanks,

Marshall Shi

Reply via email to