I'm considering modifying ProxyHandler.java so that it no longer even thinks about trying to sign requests being tunneled through the image embedding proxy. Signing would be available only through the JSON proxy.
Note that no existing code (that I can find, anyway) would trigger the signing functionality for the embedding proxy. No gadget security token is provided, much less the appropriate parameters to enable signing. Objections?
