Erik BI created SHINDIG-1876:
--------------------------------
Summary: Add security token to Concat servlet request without
compromising its cacheability
Key: SHINDIG-1876
URL: https://issues.apache.org/jira/browse/SHINDIG-1876
Project: Shindig
Issue Type: Bug
Reporter: Erik BI
Currently, the concat endpoint of Shindig doesn't require a security token in the
request, which makes it vulnerable to potential attack. So:
1. The EH issue around closing down this endpoint led to an initial impl that
has the rewriter add the ST to the URL the browser will activate to load the
content.
2. Appending the current gadget ST will reduce cacheability to a per-user basis during the
lifetime of the ST (i.e. pretty bad). So a new type of ST needs to be
introduced.