[
https://issues.apache.org/jira/browse/SHINDIG-1870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13567326#comment-13567326
]
Tran The Trong commented on SHINDIG-1870:
-----------------------------------------
BTW I still can see in container.js, this is not only place that the scheme
part is hardcoded, there are also others in "views" feature :
"views" : {
"profile" : {
"isOnlyVisible" : false,
"urlTemplate" : "http://localhost${CONTEXT_ROOT}/gadgets/profile?{var}";,
"aliases": ["DASHBOARD", "default"]
},
"canvas" : {
"isOnlyVisible" : true,
"urlTemplate" : "http://localhost${CONTEXT_ROOT}/gadgets/canvas?{var}";,
"aliases" : ["FULL_PAGE"]
},
"default" : {
"isOnlyVisible" : false,
"urlTemplate" : "http://localhost${CONTEXT_ROOT}/gadgets/default?{var}";,
"aliases" : ["home", "profile", "canvas"]
}
},
Do you think we could also remove the scheme part in these places to get the
problem fixed completely ?
> Cross-site issue as http scheme is hardcoded in some URI template in
> container.js
> ---------------------------------------------------------------------------------
>
> Key: SHINDIG-1870
> URL: https://issues.apache.org/jira/browse/SHINDIG-1870
> Project: Shindig
> Issue Type: Bug
> Reporter: Minh Hoang TO
> Attachments: patch
>
>
> Some URI templates defined in container.js has scheme hardcoded as 'http'.
> That leads to cross-site problem as we have Apache Http (configured to use
> with https) in front of Tomcat + Shindig
> Detail info:
> We have one portal application configured to access via 'https', the embedded
> shindig server using default container.js (with 'http' in some URL templates)
> runs on the same host. As our gadgets (ones using OpenSocial API) fetch
> metadata via Ajax request, the cross-site issue appears
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
