shindig-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marshall Shi" <shiwc...@cn.ibm.com>
Subject Re: Review Request: Do whitelist check before consuming resources fetching content from the gadget URI
Date Tue, 31 Jul 2012 02:52:08 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/6198/
-----------------------------------------------------------

(Updated July 31, 2012, 2:52 a.m.)


Review request for shindig, Ryan Baxter, Dan Dumont, and Stanton Sievers.


Description
-------

The gadgets/ifr endpoint will fetch the gadget xml first and then do the white list check.
It is consuming resources to fetch content when the gadget is not allowed to render according
to the gadget admin.
The proposed fix is to move the white list check ahead of processing the gadget xml. If the
gadget is not allowed to show, an error message will be returned before doing the content
fetching. 


This addresses bug shindig-1830.
    https://issues.apache.org/jira/browse/shindig-1830


Diffs
-----

  http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/process/Processor.java
1363665 

Diff: https://reviews.apache.org/r/6198/diff/


Testing
-------


Thanks,

Marshall Shi


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message