[
https://issues.apache.org/jira/browse/SHINDIG-1557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13255838#comment-13255838
]
Doug Davies commented on SHINDIG-1557:
--------------------------------------
Stanton,
I think you are correct. I can no longer reproduce this error. It must have
been resolved at some point, but I can't pinpoint the change set that would
have done it. I'll go ahead and close this out.
> jsonrcptransport.js is using the container security token instead of the
> gadget security token
> ----------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1557
> URL: https://issues.apache.org/jira/browse/SHINDIG-1557
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 2.5.0-beta1
> Reporter: Doug Davies
> Assignee: Stanton Sievers
>
> When a gadget makes an rpc request (using common container) the security
> token returned to the gadget via the st param is not the one being used for
> the rpc request. It is using the one generated in the container. This is
> probably because the rpc call ends up happening in the context of the
> container and shindig.auth.getSecurityToken returns that one. Calls to
> userprefs and appdata need the gadget security token so the is has the appid
> and appurl to use as db indexes. Just having the viewer and owner that is
> inherited from the container is not enough.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
