Uploaded image for project: 'Shindig'
  1. Shindig
  2. SHINDIG-1822

Resouces(js,css) Requests through the shindig /concat servlet/proxy servlet are not signed

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.5.0-beta2
    • 2.5.0-beta2
    • Java
    • None

    Description

      Create a gadget that just has a 
      <Content><[CDATA[
      <script src="SOME-JS-FILE.js" type="text/javascript"></script>
      <link rel="stylesheet" type="text/css" href="SOME-CSS-FILE.css" />
      ]]>
      </Content>

      During the content rewrite, the container will create a js link to the Concat servlet that includes that JS or create a css link to proxy servlet that includes that CSS.

      A config option as below will be added to container.js so that URLs to the concat/proxy servlet include a security token (st=<gadet-security-token>), via this security token, the request to those js/css file from gadget can be idendified and authorized.

      //Enables/Disables securiry token for js, css resources loaded by concat servlet/proxy servlet
      "gadgets.admin.enableSecuryTokenForConcat" : "false",

      Attachments

        Activity

          People

            Unassigned Unassigned
            zhihongy@cn.ibm.com Zhihong Yang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: