The security token is only passed if authz is "signed" or "authenticated". It doesn't make sense to pass it otherwise.
On Wed, Apr 16, 2008 at 10:32 AM, Chris Chabot <[EMAIL PROTECTED]> wrote: > Hey guys, > > Now we've got this st (security token) which if not filled in, is > defaulted to st=john.doe:john.doe:appid:synd:url:0 in javascript (gadgets.js > i believe). That fixes all cases ... i thought.. > > Seems when a proxy request happens from the gadget, the request url has an > empty st= param, forinstance: > > > http://shindig/gadgets/ifr?url=http%3A%2F%2Fwww.google.com%2Fig%2Fmodules%2Fhoroscope.xml&synd=default&mid=0&nocache=1&country=ALL&lang=ALL&view=default&parent=http%3A%2F%2Fshindig&st=john.doe:john.doe:appid:synd:url:0 > > (notice the "st=john.doe:john.doe:appid:synd:url:0" part) results in the > following proxy request: > > > http://shindig/gadgets/proxy?output=js&refresh=3600&url=http%3A%2F%2Fwww.tarot.com%2Frss%2Fgenerate.php%3Fcode%3Dgoogle-ig%26feed%3Ddaily_horoscope%26sign%3DGemini&httpMethod=GET&headers=&postData=&authz=&st=&oauthState=&oauthService=&oauthToken= > > notice the empty st= part here.. My code tends not to like this since it's > trying to retrieve the owner/viewer/etc from an empty string ... > unsuccessfully as i'm sure you can imagine :) > > If the gadget (iframe) url includes a st param, shouldn't the subsequent > proxy requests use it too? or am i missing something obvious here? > > -- Chris > -- ~Kevin
