[
https://issues.apache.org/jira/browse/SHINDIG-1557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067065#comment-13067065
]
Doug Davies commented on SHINDIG-1557:
--------------------------------------
See
http://markmail.org/message/selyqlacjgz7t7zv
http://markmail.org/message/kjsk6qdrjleomgsp
for more info.
> jsonrcptransport.js is using the container security token instead of the
> gadget security token
> ----------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1557
> URL: https://issues.apache.org/jira/browse/SHINDIG-1557
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 3.0.0
> Reporter: Doug Davies
>
> When a gadget makes an rpc request (using common container) the security
> token returned to the gadget via the st param is not the one being used for
> the rpc request. It is using the one generated in the container. This is
> probably because the rpc call ends up happening in the context of the
> container and shindig.auth.getSecurityToken returns that one. Calls to
> userprefs and appdata need the gadget security token so the is has the appid
> and appurl to use as db indexes. Just having the viewer and owner that is
> inherited from the container is not enough.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
