The problem is that the gadget is being loaded from (for instance)
a.gmodules.com. This mean that any cookies that get set are set on
a.gmodules.com. This is a restriction in the browser. The security issue is
here:
Other gadgets that run on a.gmodules.com can read/write/alter your cookies
(since from a browsers point of view, it's the same domain)
The other problem is that next time your gadget is shown, it may be served
from b.gmodules.com, so you can't read your cookie back (again: browser
security).
There is no way that your cookie will ever be returned when the user goes to
your own website!
(actually, you might be able to do some of the things you want by using an
iframe within your gadget, but that is totally outside the scope of this
document. Also, that functionality will probably cease to exist if
containers require caja.
On 1/31/08, Piotr Jaroszyński <[EMAIL PROTECTED]> wrote:
>
> On Thursday 31 of January 2008 13:58:17 Reinoud Elhorst wrote:
> > I was about to answer, then I remembered Kevin having done that before:
> >
> > (snip)
>
> That's not what I meant. I don't want to be able to push cookies to the
> users
> browsers. What I want to be able to do is something like that:
> gadgets.io.makeRequest("example.org/?user=foo&pass=blah, callback, {
> GET_COOKIES: true }), and the callback function would save the cookie for
> later use in example.org fetches like:
> gadgets.io.makeRequest("example.org", callback, { HEADERS: { "Cookie" :
> my_saved_cookie} })
>
> --
> Best Regards,
> Piotr Jaroszyński
>
