[
https://issues.apache.org/jira/browse/WOOKIE-300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189816#comment-13189816
]
Scott Wilson commented on WOOKIE-300:
-------------------------------------
I can't think of a good way to parameterize this as you still need to
understand the subdomains and * options as well as constructing an origin. For
now I think we should just hard-code it in the templates that need it, and
leave it out of the base template.
If we created a Java command-line tool for processing the templates we could
parse properties like the browse URLs the author has set in widget.properties
and construct a set of origins and add them as <access> elements to the
config.xml (e.g. using wookie-parser.jar), but I can't think of a good approach
just using Ant and property files.
> Full whitelist access granted to any widget built from a template
> -----------------------------------------------------------------
>
> Key: WOOKIE-300
> URL: https://issues.apache.org/jira/browse/WOOKIE-300
> Project: Wookie
> Issue Type: Bug
> Components: Template
> Affects Versions: 0.9.2
> Reporter: Ross Gardler
> Priority: Blocker
> Fix For: 0.9.2
>
>
> At present the config.xml has a hard coded whitelist of '*'' - not overly
> secure!
> This should be parameterised and limited to the a sensible setting
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
