On Wed, Dec 17, 2008 at 9:39 AM, Henning Schmiedehausen < [email protected]> wrote:
> You *need* to install mostly the javascript that is currently part of > javascript/container. Everything else in Shindig (gadget renderer, > social api) can be run from a different domain. You don't necessarily need any of the code in javascript/container. It's there to provide a skeleton of a container in javascript, but none of it is required. If you have a page navigation based container (like myspace or Orkut), you'll probably never need to touch this code since you can emit the relevant iframes and such server side. > > > However, you need to define the relationship between your main domain > and your gadget domain, either through the security token or the code > that sets up the iframe, which usually is custom code. > > And *don't* try to be smart and use gadgets.<yourdomain> for the > renderer. Get another domain. Preferably even with a different TLP. > This is needed to ensure that there are no XSS attacks from malicious > gadgets on your web site. > > Ciao > Henning > > On Mon, Dec 15, 2008 at 06:29, <[email protected]> wrote: > > Can anybody explain this in more detail? > > > > Which parts of Shindig has to be installed in the web app to call the > gadget rendering, when Shindig runs in a different domain then the web app? > > > > Thanks > > Harry > > > > > > > > > > Jetzt komfortabel bei Arcor-Digital TV einsteigen: Mehr Happy Ends, mehr > Herzschmerz, mehr Fernsehen! Erleben Sie 50 digitale TV Programme und > optional 60 Pay TV Sender, einen elektronischen Programmführer mit Movie > Star Bewertungen von TV Movie. Außerdem, aktuelle Filmhits und spannende > Dokus in der Arcor-Videothek. Infos unter www.arcor.de/tv > > >
