Hey Chris, i'm currently experimenting around with that. I just created s imple php proxy and changed JsonRpcContainer.sendRequest that it use makeRequest instead of makeNonProxiedRequest. It seems to work somehow. The data is passed through as JSON and i also get JSON data back but it seems i have to fullfill some special JSON structure, it seems that the response from Shindig is not enough, i also need to send the request params back from the proxy?
So i try to use the most of the existing code, the proxy is not my best love but it should work for the moment. oh, maybe you know a simple php proxy that is already doing all that stuff? That would help, because figuring out whats wrong with that JSON parsin is really a pain in the .... About the features you mention, you are right, i don't care :-) I only need to talk to Shindig and get data from them. I treat Shindig as an adapter to an social platform out there. I must take care myself about rendering the data, this is why i don't want to and can't use the google gadget system. Andi On 25 Jun., 15:59, Chris Chabot <chab...@google.com> wrote: > On Thu, Jun 25, 2009 at 2:45 PM, Andi <andreas.schuet...@navteq.com> wrote: > > > Hi Chris, > > > thanks for your answer again, but unfortunatly i can't use Gadgets. I > > don't want to support 2 different systems > > of widgets and Gadgets. > > > So i still have to find a way to solve the XSS problem with directly > > using the opensocial API without gadget support. > > I could go on all day writing examples of where 'including a bunch of > javascript' is not going to give you an OpenSocial API, there's 30.000 lines > of code in shindig (per implementation) plus an additional 15.000 lines of > javascript code to offer the 'OpenSocial API', and just including the JS > will not work since you'll be missing quite a few essential features that > Apache Shindig offers, but you do not really give the impression you are > going to care :) > > Anyhow to your problem, to bypass the XSS problem for makeRequest, you need > to create a proxy on the same domain as the server that generated your > 'widget', and pass all calls through that; That's the only way you can do > caching properly, and bypass the XSS problem on all popular browsers. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
