http://codereview.appspot.com/27054/diff/1/3 File java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java (right):
http://codereview.appspot.com/27054/diff/1/3#newcode495 Line 495: private boolean canHaveBody(HttpRequest base) { consider renaming to shouldHashBody and return false if content type is form-encoded? http://codereview.appspot.com/27054/diff/1/4 File java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java (right): http://codereview.appspot.com/27054/diff/1/4#newcode380 Line 380: if (!request.getMethod().equals("GET")) { share this check with OAuthRequest which is also checking for HEAD. http://codereview.appspot.com/27054/diff/1/4#newcode686 Line 686: if (!"GET".equals(info.request.getMethod())) { again share this check. http://codereview.appspot.com/27054/diff/1/2 File java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java (right): http://codereview.appspot.com/27054/diff/1/2#newcode1052 Line 1052: a test for POST requests without body signing and tampering. http://codereview.appspot.com/27054
