Hi Gabriel: This is precisely what the "locked-domain" feature does.
The default implementation in Shindig - which Google uses - is to generate a URL w/ prefix base32(sha1(gadgetUrl)). This occurs when:
A) the gadget requires "locked-domain" explicitly
B) the gadget requires another feature that has a <dependency> on locked-domain
C) the container is set up (in its ContainerConfig, via key "gadgets.uri.iframe.lockedDomainRequired" with type boolean) to demand locked-domain for all renders

The validation algorithm is thus:
A. when a gadget requires locked-domain, it MUST have a locked-domain prefix.
B. if the domain on which a gadget is rendered has *any* valid locked-domain *suffix*, mark as invalid.

Doing this ensures the domain isolation of each gadget.

The bulk of this functionality is implemented in the Java implementation in:
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultIframeUriManager.java

INVALID_DOMAIN is returned in the mismatched cases. locked-domain URLs are generated if (usingLockedDomain(...)).

The default prefix generator is:
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java

--j

On Wed, Oct 13, 2010 at 4:29 PM, Gabriel Guardincerri <[email protected]> wrote:

> Hi,
>
> We would like to increase the security of each gadget by having each one in a
> different subdomain. That is, have each iframe in a different subdomain to
> use the cross-domain security of the browsers.
> We found that we can define the urls using our own container.js, but there's
> no way to assign a different subdomain for each gadget. So, is there a way
> to make that more dynamic, or to do something else to have a different
> subdomain for each gadget?
>
> Thanks,
>
> Gabriel
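
An added illustration of the scheme described in the reply above (not Shindig's code and not part of the original thread): it derives the base32(sha1(gadgetUrl)) prefix and applies validation rules A and B to a render host. The suffix value, the function names, the lowercasing of the prefix, and the reading of rule B as applying to gadgets that are not locked are assumptions of this sketch.

```python
import base64
import hashlib

# Constructed suffix for this example; a real container configures its own.
LOCKED_DOMAIN_SUFFIX = "-locked.gadgets.example"


def locked_domain_prefix(gadget_url: str) -> str:
    """Return base32(sha1(gadgetUrl)) as a host-name label."""
    digest = hashlib.sha1(gadget_url.encode("utf-8")).digest()
    # 20 digest bytes encode to exactly 32 base32 characters, so there is no
    # '=' padding. Lowercasing is a choice made here: host names are
    # case-insensitive and browsers normalise them to lowercase.
    return base64.b32encode(digest).decode("ascii").lower()


def locked_domain_host(gadget_url: str, suffix: str = LOCKED_DOMAIN_SUFFIX) -> str:
    return locked_domain_prefix(gadget_url) + suffix


def needs_locked_domain(features: set, container_required: bool) -> bool:
    """Cases A and C from the reply; case B (a feature depending on
    locked-domain) is assumed to be already expanded into `features`."""
    return container_required or "locked-domain" in features


def is_valid_render_host(host: str, gadget_url: str, locked: bool,
                         suffix: str = LOCKED_DOMAIN_SUFFIX) -> bool:
    host = host.lower().rstrip(".")
    if locked:
        # Rule A: the host must be this gadget's own prefix plus the suffix.
        return host == locked_domain_host(gadget_url, suffix)
    # Rule B: a gadget that is not locked must never land on a host that
    # carries the locked-domain suffix.
    return not host.endswith(suffix)


if __name__ == "__main__":
    a = "http://gadgets.example/a.xml"   # constructed gadget URLs
    b = "http://gadgets.example/b.xml"
    print(locked_domain_host(a))
    print(is_valid_render_host(locked_domain_host(b), a, locked=True))   # other gadget's host
    print(is_valid_render_host(locked_domain_host(a), a, locked=False))  # unlocked on locked host
```

Because the prefix is a function of the gadget URL alone, two gadgets only share an origin if their URLs are identical, which is what gives each iframe its own same-origin boundary.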
