http://codereview.appspot.com/1109041/diff/1/2 File java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java (right):
http://codereview.appspot.com/1109041/diff/1/2#newcode134 java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java:134: resp.addHeader("Access-Control-Allow-Origin", "*"); as a basic security primitive, this should be configurable/injectable somehow. http://codereview.appspot.com/1109041/show
