----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3334/ -----------------------------------------------------------
Review request for shindig. Summary ------- This is the first of a couple of gadgets I'd like to commit that can act as unit tests for testing deployment configurations, such as locked domains and security token encryption. This particular gadget simply tries to get at container information (the location) from within the gadget. In a properly configured environment this should be disallowed due to browser same-origin policy. Can anyone else think of anything that this gadget should be testing? Currently it will simply try to get at the parent window's location and then will keep lowering its domain to try to match that of the container's. Diffs ----- http://svn.apache.org/repos/asf/shindig/trunk/content/samplecontainer/examples/ContainerGadgetDomainTest.xml PRE-CREATION http://svn.apache.org/repos/asf/shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json 1225624 Diff: https://reviews.apache.org/r/3334/diff Testing ------- Container: localhost, Gadget: localhost, Result: Fail Container: container.foobar.com, Gadget: gadgets.foobar.com, Result: Success Container: foobar.com, Gadget: gadgets.foobar.com, Result: Fail (when the container page has set document.domain to location.hostname) And I'm sure I tried some other things as well. :) Thanks, Stanton
