Implement same-domain transport in gadgets.rpc
----------------------------------------------
Key: SHINDIG-456
URL: https://issues.apache.org/jira/browse/SHINDIG-456
Project: Shindig
Issue Type: Improvement
Components: Features (Javascript)
Reporter: John Hjelmstad
Priority: Minor
Attachments: rpc.js.patch
In certain cases, people may choose to render gadgets on the same domain as
their container. This may only be done when the gadget is trusted, with the
rendering service independently configured to support "safe-domain" rendering
for a given subset of content, as when using gadgets as a general-purpose
feature extension mechanism for a given site. Rendering in this way keeps all
page display and control code the same as for other gadgets, and avoids the
risk of ID pollution (which may happen when inlining non-rewritten gadget
content).
The benefit in this scenario is improved performance due to being able to make
direct calls to and from the container context. For the gadget to remain a true
gadget, it must still make all such calls through gadgets.rpc, with the
same-domain property simply providing an optimization.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
