[jira] [Resolved] (SHINDIG-1830) Do whitelist check before consuming resources fetching content from the gadget URI

[Dan Dumont (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SHINDIG-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dan Dumont resolved SHINDIG-1830.
---------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 2.5.0-beta2)
                   2.5.0-beta4

Committed r1372888
                
> Do whitelist check before consuming resources fetching content from the 
> gadget URI
> ----------------------------------------------------------------------------------
>
>                 Key: SHINDIG-1830
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1830
>             Project: Shindig
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: 2.5.0-beta2
>            Reporter: Marshall Shi
>             Fix For: 2.5.0-beta4
>
>         Attachments: 40272.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The gadgets/ifr endpoint will fetch the gadget xml first and then do the 
> white list check. It is consuming resources to fetch content when the gadget 
> is not allowed to render according to the gadget admin. 
> The proposed fix is to move the white list check ahead of processing the 
> gadget xml. If the gadget is not allowed to show, an error message will be 
> returned before doing the content fetching.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira