[
https://issues.apache.org/jira/browse/SHINDIG-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marshall Shi updated SHINDIG-1830:
----------------------------------
Attachment: 40272.patch
update the patch with latest changes.
> Do whitelist check before consuming resources fetching content from the
> gadget URI
> ----------------------------------------------------------------------------------
>
> Key: SHINDIG-1830
> URL: https://issues.apache.org/jira/browse/SHINDIG-1830
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 2.5.0-beta2
> Reporter: Marshall Shi
> Fix For: 2.5.0-beta2
>
> Attachments: 40272.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The gadgets/ifr endpoint will fetch the gadget xml first and then do the
> white list check. It is consuming resources to fetch content when the gadget
> is not allowed to render according to the gadget admin.
> The proposed fix is to move the white list check ahead of processing the
> gadget xml. If the gadget is not allowed to show, an error message will be
> returned before doing the content fetching.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
