On 12 Mar 2011, at 01:10, Ross Gardler wrote: > On 12/03/2011 00:06, [email protected] wrote: >> Author: scottbw >> Date: Sat Mar 12 00:06:32 2011 >> New Revision: 1080812 >> >> URL: http://svn.apache.org/viewvc?rev=1080812&view=rev >> Log: >> Gave the Freeder widget "global origin" permission and removed the "URL must >> be whitelisted" message - it now works straight away. > > What are the implications of this? > > If we are happy to just whitelist everything on the planet why have origin > restrictions at all? > > (this isn't a critique of your change, rather a desire to understand the > motivations of the origin controls).
The wildcard origin in WARP is specifically there to support RSS-reader-type widgets - it means that the Freeder widget has a general access grant. It isn't shared by any other widgets as WARP policies only apply to a specific widget. In this case, as its an RSS reader, the Wookie admin should be OK about granting wildcard access as its clear what the code is going to use the access for. > > Ross > >> >> Modified: >> incubator/wookie/trunk/widgets/freeder/config.xml >> incubator/wookie/trunk/widgets/freeder/index.html >> >> Modified: incubator/wookie/trunk/widgets/freeder/config.xml >> URL: >> http://svn.apache.org/viewvc/incubator/wookie/trunk/widgets/freeder/config.xml?rev=1080812&r1=1080811&r2=1080812&view=diff >> ============================================================================== >> --- incubator/wookie/trunk/widgets/freeder/config.xml (original) >> +++ incubator/wookie/trunk/widgets/freeder/config.xml Sat Mar 12 00:06:32 >> 2011 >> @@ -24,7 +24,7 @@ >> <description>An RSS reader widget optimised for small screens or desktop >> widgets.</description> >> <content src="index.html"/> >> <icon src="images/icon.png"/> >> -<access origin="http://osswatch.jiscinvolve.org/feed"/> >> +<access origin="*"/> >> <author>Apache Wookie (Incubating) Team</author> >> <licence>Licensed to the Apache Software Foundation (ASF) under one or >> more >> contributor license agreements. See the NOTICE file distributed with >> >> Modified: incubator/wookie/trunk/widgets/freeder/index.html >> URL: >> http://svn.apache.org/viewvc/incubator/wookie/trunk/widgets/freeder/index.html?rev=1080812&r1=1080811&r2=1080812&view=diff >> ============================================================================== >> --- incubator/wookie/trunk/widgets/freeder/index.html (original) >> +++ incubator/wookie/trunk/widgets/freeder/index.html Sat Mar 12 00:06:32 >> 2011 >> @@ -58,7 +58,6 @@ >> <div data-role="fieldcontain"> >> <label for="feedURL">Feed >> URL:</label> >> <input type="url" name="name" >> id="name" /> >> - <p>Note, your URL must be >> whitelisted on the Wookie server.</p> >> </div> >> <div data-role="fieldcontain"> >> <button type="submit" >> onClick="Properties.submitForm(this.form)" value="save-settings" >> name="save-settings">Save</button> >> >> >
