btw, why all the files that pass through the proxy are named as "p.txt"? it's a convention or what?
On Wed, Jul 16, 2008 at 5:58 PM, Chris Chabot <[EMAIL PROTECTED]> wrote: > So how does it prevent the use of the proxy as a 'free Akamai' when people > can use it for their images/etc? > > > On Jul 16, 2008, at 10:52 PM, Kevin Brown wrote: > > Yes, it works under that use case. Sending it as an attachment does not >> interfere with legitimate use of the proxy as it does not impact img, >> object, embed, script, or link elements or style sheet imports. >> >> On Wed, Jul 16, 2008 at 1:46 PM, Ropu <[EMAIL PROTECTED]> wrote: >> >> hi >>> >>> i have a question. >>> >>> will sending proxy results as attachment work with this example? >>> * >>> Let the container cache your dynamic content* >>> http://code.google.com/apis/opensocial/articles/latency/#dynamic >>> >>> The gadgets.io.getProxyUrl function will return the location of the >>> cached >>> version of the URL you provide, including images, JavaScript, and CSS. So >>> instead of using the URL of content hosted on your server, like this: >>> >>> function showImage() { >>> imgUrl = 'http://www.example.com/i_heart_apis_sm.png'; >>> html = ['<img src="', imgUrl, '">']; >>> document.getElementById('dom_handle').innerHTML = html.join(''); >>> }; >>> >>> showImage(); >>> >>> you can use the URL of the cached content, like this: >>> >>> function showImage() { >>> imgUrl = 'http://www.example.com/i_heart_apis_sm.png'; >>> *cachedUrl = gadgets.io.getProxyUrl(imgUrl);* >>> html = ['<img src="', *cachedUrl*, '">']; >>> document.getElementById('dom_handle').innerHTML = html.join(''); >>> }; >>> >>> >>> showImage(); >>> >>> >>> >>> if so, its preventing "free akamai"or phishing? >>> >>> said this, or the example is wrong (and we are limiting functionality) or >>> the solution is partial (or im completely mixed up :P) >>> >>> ropu >>> >>> On Fri, Jul 11, 2008 at 2:45 PM, Kevin Brown <[EMAIL PROTECTED]> wrote: >>> >>> On Fri, Jul 11, 2008 at 2:20 AM, Karsten Beyer <[EMAIL PROTECTED]> wrote: >>>> >>>> Hi, >>>>> >>>>> what is the suggested strategy to prevent abuse of the open proxy at >>>>> /gadgets/proxy? I found some old discussions from february about adding >>>>> >>>> the >>>> >>>>> IP address of the user as HTTP header. Some testing however showed that >>>>> >>>> this >>>> >>>>> is not yet implemented. >>>>> >>>>> Are there any plans to implement some kind of whitelist feature? More >>>>> importantly: Are there any reasons against implementing such a feature? >>>>> >>>> >>>> >>>> You could always add a whitelist for outbound requests, but you'd have >>>> to >>>> do >>>> a custom http fetcher implementation. >>>> >>>> The java version is currently returning all proxied files as >>>> attachments, >>>> which has helped significantly with reducing the potential of >>>> /gadgets/proxy >>>> as a phishing vector or free Akamai. >>>> >>>> >>>> >>>>> >>>>> >>>>> Best Regards, >>>>> >>>>> Karsten Beyer >>>>> [EMAIL PROTECTED] >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >>> -- >>> .-. --- .--. ..- >>> R o p u >>> >>> >
