[
https://issues.apache.org/jira/browse/SHINDIG-1837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan Baxter updated SHINDIG-1837:
---------------------------------
Fix Version/s: 2.5.0
> Allow containers to exclude JSONP access
> ----------------------------------------
>
> Key: SHINDIG-1837
> URL: https://issues.apache.org/jira/browse/SHINDIG-1837
> Project: Shindig
> Issue Type: Improvement
> Components: Java
> Affects Versions: 2.5.0-beta3
> Reporter: Marshall Shi
> Fix For: 2.5.0, 2.5.0-beta3
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> Shindig code base supports a 'callback' query parameter on a number of entry
> points (RPC Servlet entry, DataServiceServlet and JsonRpcServlet) and thereby
> provides JSONP support. However, Shindig has no place that uses this support.
> ALL containers based off of Shindig are now forced to protect themselves
> against inappropriate JSONP usage (security issue).
> Why would Shindig ship unused functionality that FORCES all containers to do
> extra work?
> The proposed improvement is to extract a setting so application can disable
> JSONP feature. In the longer term, we can deprecate this feature and remove
> it if no one is depending on this feature.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
