[
https://issues.apache.org/jira/browse/SHINDIG-158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12641451#action_12641451
]
Kevin Brown commented on SHINDIG-158:
-------------------------------------
igoogle isn't on a shindig based setup (at least not yet).
Orkut and friendconnect are though, and they both do the same thing:
- Metadata request server side to our gadget server deployment (we use a
slightly tweaked version of the metadata servlet that uses
http://code.google.com/p/protobuf/ for the wire format)
- Generate iframe in code with rpctoken in the query string instead of fragment
along with javascript (inline) containing the rpctoken's value
Adding the rpctoken to the query string wasn't a big deal here because we don't
serve cacheable iframes (security tokens are passed in the query string to
facilitate authenticated preloads and proxied rendering).
The problem with gadgets.js is that some browsers keep the iframes but still
re-run the code that produces random rpc tokens. The only way to prevent this
from happening is to ensure that either the iframes are generated server side
or that the javascript is always fully torn down. The latter is tricky because
of various browser bugs, so I recommend the former for any site that is largely
using normal http navigation (I believe both LinkedIn and hi5 fall into that
category).
> Reloading when using postMessage causes RPC errors
> --------------------------------------------------
>
> Key: SHINDIG-158
> URL: https://issues.apache.org/jira/browse/SHINDIG-158
> Project: Shindig
> Issue Type: Bug
> Components: Sample container & Examples
> Environment: Firefox 3.0, Safari 3.1
> Reporter: Paul Lindner
>
> 1) View sample container page
> 2) Before the gadget has rendered press reload (if using Firefox 3.0), For
> Safari just reload
> 3) rpc token errors will be observed, and dynamic-height etc will fail.
> I added some debugging, here's Safari's output
> setting authtoken to '1622832586
> http://mirth.inuus.com:8080/gadgets/files/samplecontainer/samplecontainer.html?
> BEWARE: permissive.js loaded
> http://mirth.inuus.com:8080/gadgets/ifr?url=http%3A%2F%2Fmirth.inuus.com%3A8080%2Fgadgets%2Ffiles%2Fsamplecontainer%2Fexamples%2FSocialHelloWorld.xml&synd=default&mid=0&nocache=1&country=ALL&lang=ALL&view=default&parent=http%3A%2F%2Fmirth.inuus.com%3A8080#rpctoken=983258013&st=john.doe:john.doe:samplecontainerapp:shindig
> Error: Invalid auth token: '983258013' does not match '1622832586'
> http://mirth.inuus.com:8080/gadgets/js/rpc.js?c=1&debug=1 (line 571)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
