Dear all, Currently, the widget instance id is used as url parameter is vulnerable to eavesdropping, event the line is SSL enabled. Some one can listen on the line, and capture this id then hijack the widget instance. To avoid that, we simply put it in hash part of URL to make sure that it always stays at the browser side, not travel on the line. Another thing, should we keep also the proxy url in widget instance url or just inject it as a parameter in widget object when initiating? It would shorten the url. How do you think ?
Tien.
