[
https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13566280#comment-13566280
]
Tran The Trong commented on SHINDIG-1870:
-----------------------------------------
Can shindig team please provide an advice for this problem ?
that can we remove the "http:" scheme as following :
Replace :
{code}
"opensocial" : {
// Path to fetch opensocial data from
// Must be on the same domain as the gadget rendering server
"path" : "http://%host%${CONTEXT_ROOT}/rpc";,
...
{code}
by
{code}
"opensocial" : {
// Path to fetch opensocial data from
// Must be on the same domain as the gadget rendering server
"path" : "//%host%${CONTEXT_ROOT}/rpc",
{code}
> Cross-site issue as http scheme is hardcoded in some URI template in
> container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
> Attachments: patch
>
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'.
> That leads to cross-site problem as we have Apache Http (configured to use
> with https) in front of Tomcat + Shindig
> Detail info:
> We have one portal application configured to access via 'https', the embedded
> shindig server using default container.js (with 'http' in some URL templates)
> runs on the same host. As our gadgets (ones using OpenSocial API) fetch
> metadata via Ajax request, the cross-site issue appears
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
