Jamey Wood wrote:
Brian Eaton wrote:
container=shindig is not authenticated in any way.  It's a hint about
the container, but don't trust it for choosing whether to serve
valuable data.

securityToken.getDomain() can be authenticated.

Thanks, Brian. And just to be clear... In the "usual" case (where no spoofing is being attempted), these would have the same value?

Never mind that last part.  Kevin's response covered it.

Thank you both!

--Jamey

On Mon, Dec 15, 2008 at 11:41 AM, Jamey Wood <[email protected]> wrote:
Is there some relationship between the "container" param when a gadget is rendered (e.g. "ifr?container=shindig") and the associated SecurityToken's domain value (e.g. "SecurityToken.getDomain()")? At first glance, both seem
like ways to allow the Shindig server to customize its behavior for the
consumer in some way (such as assuming there are entirely different social
graphs for "container1" and "container2").

Thanks,
Jamey
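
The distinction discussed in this thread, as an added example that is not part of the original messages and is not Shindig's own code: a handler that picks the social graph from the unauthenticated `container` parameter, beside one that uses the domain from a verified token. The token format (`domain|viewer|MAC`), the demo key, the `st` parameter name and all class and method names are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
public class ContainerTrustDemo {
    // Constructed demo key; a real deployment loads this from protected configuration.
    static final byte[] KEY = "demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    // Hypothetical token "domain|viewer|base64url(HMAC)"; fields are assumed not to contain '|'.
    static String issueToken(String domain, String viewer) throws Exception {
        String payload = domain + "|" + viewer;
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(payload));
    }

    // Returns the authenticated domain, or null if the token is malformed or its MAC fails.
    static String verifiedDomain(String token) throws Exception {
        String[] parts = token == null ? new String[0] : token.split("\\|", -1);
        if (parts.length != 3) return null;
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(parts[2]); }
        catch (IllegalArgumentException e) { return null; }
        byte[] expected = hmac(parts[0] + "|" + parts[1]);
        return MessageDigest.isEqual(expected, given) ? parts[0] : null; // constant-time compare
    }

    // Unsafe: selects the social graph from the unauthenticated container query parameter.
    static String graphFromParam(Map<String, String> query) {
        return "graph:" + query.get("container");
    }

    // Safer: selects the social graph from the token's verified domain and rejects bad tokens.
    static String graphFromToken(Map<String, String> query) throws Exception {
        String domain = verifiedDomain(query.get("st"));
        if (domain == null) throw new SecurityException("invalid security token");
        return "graph:" + domain;
    }

    public static void main(String[] args) throws Exception {
        // Constructed request: the token was issued for container1, the parameter claims container2.
        Map<String, String> q = Map.of("container", "container2", "st", issueToken("container1", "alice"));
        System.out.println(graphFromParam(q));
        System.out.println(graphFromToken(q));
    }
}
```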


