Stanton Sievers created SHINDIG-1812:
----------------------------------------
Summary: X-Shindig-St behaves differently when the security token
is null between Firefox and WebKit browsers
Key: SHINDIG-1812
URL: https://issues.apache.org/jira/browse/SHINDIG-1812
Project: Shindig
Issue Type: Bug
Components: Javascript
Affects Versions: 2.5.0-beta1
Reporter: Stanton Sievers
Assignee: Stanton Sievers
Fix For: 2.5.0
>From Doug Davies:
Here's what I think it going on.
In io.js this code
var opt_headers = {
'X-Shindig-ST' : shindig.auth.getSecurityToken()
};
behaves differently. Even though I see both browsers set it as follows:
{"X-Shindig-ST":null}
later on in UrlParameterAuthenticationHandler it's set to the STRING "null"
(not the value null) for webkit browsers.
// no token yet, see if it was attached as a header
if (StringUtils.isEmpty(token)) {
String t = request.getHeader( "X-Shindig-ST" );
if (StringUtils.isNotBlank(t)) {
token = t;
}
}
This blows up during decryption:
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
