Uploaded image for project: 'Shindig'
  1. Shindig
  2. SHINDIG-1884

open social feature config path hardcoded the http scheme

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.5.0-beta5
    • 2.5.0, 2.5.0-beta6
    • Javascript
    • None

    Description

      Default container.js has such setting for open social feature:
      "opensocial" : {
      // Path to fetch opensocial data from
      // Must be on the same domain as the gadget rendering server
      "path" : "http://%host%${CONTEXT_ROOT}/rpc",
      // Path to issue invalidate calls
      "invalidatePath" : "http://%host%${CONTEXT_ROOT}/rpc",

      Problem with these setting is that if consumer deploy Shindig with HTTPS, they need to manually change the http here to https. Proposal is to leave the scheme part of the setting empty and request send will be automatically use the relative scheme.

      Attachments

        1. opensocial_path.patch
          0.6 kB
          Marshall Shi

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SHINDIG-1870 Cross-site issue as http scheme is hardcoded in some URI template in container.js

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              marshall_601 Marshall Shi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 2h
                  2h
                  Remaining:
                  Remaining Estimate - 2h
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified