Marshall Shi created SHINDIG-1830:
-------------------------------------
Summary: Do whitelist check before consuming resources fetching
content from the gadget URI
Key: SHINDIG-1830
URL: https://issues.apache.org/jira/browse/SHINDIG-1830
Project: Shindig
Issue Type: Bug
Components: Java
Affects Versions: 2.5.0-beta2
Reporter: Marshall Shi
Fix For: 2.5.0-beta2
The gadgets/ifr endpoint will fetch the gadget xml first and then do the white
list check. It is consuming resources to fetch content when the gadget is not
allowed to render according to the gadget admin.
The proposed fix is to move the white list check ahead of processing the gadget
xml. If the gadget is not allowed to show, an error message will be returned
before doing the content fetching.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
