Hi, I've got a Shindig deployment on my internal network that I'm using to render both internally and externally developed/hosted gadgets. I need to put some security measures in place to ensure that an external gadget can’t do something like makeRequest an internal resource and then push it out to some external server. However, internal gadgets should still be allowed to access internal resources.
It looks like there are three endpoints I need to be concerned with -- ProxyServlet, MakeRequestServlet and ConcatProxyServlet. I am thinking the easiest way for me to add this security is to write a Servlet filter to run in front of each of these services which will look at the http referrer, pull out the gadget spec URL, check to see if it’s an internal or external gadget, and then decide whether or not to allow the request to proceed or just return an HTTP 403. Does that sound like a reasonable approach? I missing any other places where I might need to put these restrictions in place? Thanks! --Jesse
