On Thu, Jun 25, 2009 at 2:45 PM, Andi <andreas.schuet...@navteq.com> wrote:
> > Hi Chris, > > thanks for your answer again, but unfortunatly i can't use Gadgets. I > don't want to support 2 different systems > of widgets and Gadgets. > > So i still have to find a way to solve the XSS problem with directly > using the opensocial API without gadget support. I could go on all day writing examples of where 'including a bunch of javascript' is not going to give you an OpenSocial API, there's 30.000 lines of code in shindig (per implementation) plus an additional 15.000 lines of javascript code to offer the 'OpenSocial API', and just including the JS will not work since you'll be missing quite a few essential features that Apache Shindig offers, but you do not really give the impression you are going to care :) Anyhow to your problem, to bypass the XSS problem for makeRequest, you need to create a proxy on the same domain as the server that generated your 'widget', and pass all calls through that; That's the only way you can do caching properly, and bypass the XSS problem on all popular browsers. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
