Brian Eaton wrote:
container=shindig is not authenticated in any way.  It's a hint about
the container, but don't trust it for choosing whether to serve
valuable data.

securityToken.getDomain() can be authenticated.

Thanks, Brian. And just to be clear... In the "usual" case (where no spoofing is being attempted), these would have the same value?

--Jamey

On Mon, Dec 15, 2008 at 11:41 AM, Jamey Wood <[email protected]> wrote:
Is there some relationship between the "container" param when a gadget is
rendered (e.g. "ifr?container=shindig") and the associated SecurityToken's
domain value (e.g. "SecurityToken.getDomain()")?  At first glance, both seem
like ways to allow the Shindig server to customize its behavior for the
consumer in some way (such as assuming there are entirely different social
graphs for "container1" and "container2").

Thanks,
Jamey

