[
https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13564044#comment-13564044
]
Tran The Trong commented on SHINDIG-1870:
-----------------------------------------
I'm concerning that why we have to hardcode the "http://"; protocol in the path
related configuration of gadget features ? Is there any reason we would know
about ?
> Cross-site issue as http scheme is hardcoded in some URI template in
> container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
> Attachments: patch
>
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'.
> That leads to cross-site problem as we have Apache Http (configured to use
> with https) in front of Tomcat + Shindig
> Detail info:
> We have one portal application configured to access via 'https', the embedded
> shindig server using default container.js (with 'http' in some URL templates)
> runs on the same host. As our gadgets (ones using OpenSocial API) fetch
> metadata via Ajax request, the cross-site issue appears
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
