Zhihong Yang created SHINDIG-1822:
-------------------------------------
Summary: Resouces(js,css) Requests through the shindig /concat
servlet/proxy servlet are not signed
Key: SHINDIG-1822
URL: https://issues.apache.org/jira/browse/SHINDIG-1822
Project: Shindig
Issue Type: Improvement
Components: Java
Affects Versions: 2.5.0-beta2
Reporter: Zhihong Yang
Fix For: 2.5.0-beta2
Create a gadget that just has a
<Content><[CDATA[
<script src="SOME-JS-FILE.js" type="text/javascript"></script>
<link rel="stylesheet" type="text/css" href="SOME-CSS-FILE.css" />
]]>
</Content>
During the content rewrite, the container will create a js link to the Concat
servlet that includes that JS and create a css link to proxy servlet that
includes that CSS.
A config option as below will be added to container.js so that URLs to the
concat/proxy servlet include a security token (st=<gadet-security-token>), via
this security token, the request to those js/css file from gadget can be
idendified and authorized.
//Enables/Disables securiry token for js, css resources loaded by concat
servlet/proxy servlet
"gadgets.admin.enableSecuryTokenForConcat" : "false",
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
