http://codereview.appspot.com/27054/diff/1/3 File java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java (right):
http://codereview.appspot.com/27054/diff/1/3#newcode495 Line 495: private boolean canHaveBody(HttpRequest base) { Went for broke and added a whole new getSignatureType in another class. Woohoo! http://codereview.appspot.com/27054/diff/1/4 File java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java (right): http://codereview.appspot.com/27054/diff/1/4#newcode380 Line 380: if (!request.getMethod().equals("GET")) { On 2009/03/18 17:00:10, louiscryan wrote:
share this check with OAuthRequest which is also checking for HEAD.
Done. http://codereview.appspot.com/27054/diff/1/4#newcode686 Line 686: if (!"GET".equals(info.request.getMethod())) { On 2009/03/18 17:00:10, louiscryan wrote:
again share this check.
Done. http://codereview.appspot.com/27054/diff/1/2 File java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/OAuthRequestTest.java (right): http://codereview.appspot.com/27054/diff/1/2#newcode1052 Line 1052: On 2009/03/18 17:00:10, louiscryan wrote:
a test for POST requests without body signing and tampering.
Done. http://codereview.appspot.com/27054
