On 28/10/11 17:11, Ross Gardler wrote:
On 28 October 2011 14:55, Jean-Noël Colin<[email protected]> wrote:
Another issue with this approach is that if in the reply from the remote
service there are links, those won't be proxified, thus when I click on a
button, it will invoke directly the remote site, without going through wookie,
Aren't we facing the same-origin limitation?
I'm not sure I understand the problem here. Can you give a concrete
example of where same-origin would be a problem in this case.
Ross
Sorry for interrupting your discussion, I think one example could be: I
build a widget that displays my gmail messages. When loading for the 1st
time, the widget instance proxify the URL to google authentication
server (e.g: https://accounts.google.com) the login page then returned
and displayed on widget, all the elements in this page refer directly to
google, so even when I put the correct username and password and then
click on the link "login", the iframe still be empty because of xxs
protection, isn't it ? Could we overcome the problem if the link "login"
on the page is proxified ? Thanks.
Tien.
