[
https://issues.apache.org/jira/browse/SHINDIG-1812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stanton Sievers updated SHINDIG-1812:
-------------------------------------
Attachment: SHINDIG-1812.patch
> X-Shindig-St behaves differently when the security token is null between
> Firefox and WebKit browsers
> ----------------------------------------------------------------------------------------------------
>
> Key: SHINDIG-1812
> URL: https://issues.apache.org/jira/browse/SHINDIG-1812
> Project: Shindig
> Issue Type: Bug
> Components: Javascript
> Affects Versions: 2.5.0-beta2
> Reporter: Stanton Sievers
> Assignee: Stanton Sievers
> Fix For: 2.5.0-beta3
>
> Attachments: SHINDIG-1812.patch
>
>
> From Doug Davies:
> Here's what I think it going on.
> In io.js this code
> var opt_headers = {
> 'X-Shindig-ST' : shindig.auth.getSecurityToken()
> };
> behaves differently. Even though I see both browsers set it as follows:
> {"X-Shindig-ST":null}
> later on in UrlParameterAuthenticationHandler it's set to the STRING "null"
> (not the value null) for webkit browsers.
> // no token yet, see if it was attached as a header
> if (StringUtils.isEmpty(token)) {
> String t = request.getHeader( "X-Shindig-ST" );
> if (StringUtils.isNotBlank(t)) {
> token = t;
> }
> }
> This blows up during decryption:
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
