Hi Ayoma,
Thanks for the clarification.
The purpose of widget state is to contain non-sensitive information such as
filter criteria of widgets (ex. date range to select data from a database).
We do not recommend storing sensitive information such as access token in
the hash since it will be
Hi Lasantha,
Fragment ID of a Fragment URL (part after hash sign) will not be sent in
the HTTP Request back to the server. Also "Referer" header sent by browsers
should not include fragment ID [1]. Hence, data will not be logged in
intermediate proxies or any sort of server side access logs, and
[+Adding security team]
@Security team: In the above first approach, we suppose to store widget
state details in the URL hash as the given example. Can this be a security
loophole since it exposes some of the data (ex. search criteria) used by
the widgets via the URL?
*Lasantha Samarakoon* |
[Dashboard] Sharing a dashboard
Hi all,
I am currently working on dashboard sharing feature in UUF dashboard
component which will allow a user to share a dashboard with current state
(i.e. selected field values, chart drill-downs, etc.). To implement this we
need to maintain the state of each