----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3334/#review4247 -----------------------------------------------------------
Thanks for the reviews everyone. Committed r1228916. - Stanton On 2012-01-03 15:18:36, Stanton Sievers wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/3334/ > ----------------------------------------------------------- > > (Updated 2012-01-03 15:18:36) > > > Review request for shindig and Jasvir Nagra. > > > Summary > ------- > > This is the first of a couple of gadgets I'd like to commit that can act as > unit tests for testing deployment configurations, such as locked domains and > security token encryption. > > This particular gadget simply tries to get at container information (the > location) from within the gadget. In a properly configured environment this > should be disallowed due to browser same-origin policy. > > Can anyone else think of anything that this gadget should be testing? > Currently it will simply try to get at the parent window's location and then > will keep lowering its domain to try to match that of the container's. > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/content/samplecontainer/examples/ContainerGadgetDomainTest.xml > PRE-CREATION > > http://svn.apache.org/repos/asf/shindig/trunk/content/samplecontainer/examples/commoncontainer/gadgetCollections.json > 1226796 > > Diff: https://reviews.apache.org/r/3334/diff > > > Testing > ------- > > Container: localhost, Gadget: localhost, Result: Fail > Container: container.foobar.com, Gadget: gadgets.foobar.com, Result: Success > Container: foobar.com, Gadget: gadgets.foobar.com, Result: Fail (when the > container page has set document.domain to location.hostname) > > And I'm sure I tried some other things as well. :) > > > Thanks, > > Stanton > >
