Re: Review Request: allow container to exclude JSONP access

Mon, 14 Jan 2013 11:58:51 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/6652/#review15326
-----------------------------------------------------------

Ship it!


Ship It!

- Henry Saputra


On Oct. 9, 2012, 4:29 a.m., Marshall Shi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/6652/
> -----------------------------------------------------------
> 
> (Updated Oct. 9, 2012, 4:29 a.m.)
> 
> 
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and 
> Rich Thompson.
> 
> 
> Description
> -------
> 
> Shindig code base supports a 'callback' query parameter on a number of entry 
> points (RPC Servlet entry, DataServiceServlet and JsonRpcServlet) and thereby 
> provides JSONP support. However, Shindig has no place that uses this support.
> 
> ALL containers based off of Shindig are now forced to protect themselves 
> against inappropriate JSONP usage (security issue).
> 
> Why would Shindig ship unused functionality that FORCES all containers to do 
> extra work?
> 
> The proposed improvement is to extract a setting so application can disable 
> JSONP feature. In the longer term, we can deprecate this feature and remove 
> it if no one is  depending on this feature.
> 
> 
> This addresses bug shindig-1837.
>     https://issues.apache.org/jira/browse/shindig-1837
> 
> 
> Diffs
> -----
> 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/samples/src/test/java/org/apache/shindig/social/opensocial/jpa/spi/integration/JpaRestfulTestConfigHelper.java
>  1373213 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
>  1373213 
> 
> Diff: https://reviews.apache.org/r/6652/diff/
> 
> 
> Testing
> -------
> 
> Done
> 
> 
> Thanks,
> 
> Marshall Shi
> 
>

Reply via email to