Return-Path: X-Original-To: apmail-shindig-dev-archive@www.apache.org Delivered-To: apmail-shindig-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4344FD440 for ; Tue, 31 Jul 2012 02:52:09 +0000 (UTC) Received: (qmail 94230 invoked by uid 500); 31 Jul 2012 02:52:09 -0000 Delivered-To: apmail-shindig-dev-archive@shindig.apache.org Received: (qmail 94196 invoked by uid 500); 31 Jul 2012 02:52:08 -0000 Mailing-List: contact dev-help@shindig.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@shindig.apache.org Delivered-To: mailing list dev@shindig.apache.org Received: (qmail 94181 invoked by uid 99); 31 Jul 2012 02:52:08 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Jul 2012 02:52:08 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id 1FAAC1C18C3; Tue, 31 Jul 2012 02:52:08 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6285499203886205107==" MIME-Version: 1.0 Subject: Re: Review Request: Do whitelist check before consuming resources fetching content from the gadget URI From: "Marshall Shi" To: "Dan Dumont" , "Stanton Sievers" , "Ryan Baxter" Cc: "shindig" , "Marshall Shi" Date: Tue, 31 Jul 2012 02:52:08 -0000 Message-ID: <20120731025208.22302.68987@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org Auto-Submitted: auto-generated Sender: "Marshall Shi" X-ReviewGroup: shindig X-ReviewRequest-URL: https://reviews.apache.org/r/6198/ X-Sender: "Marshall Shi" References: <20120731025124.22301.72188@reviews.apache.org> In-Reply-To: <20120731025124.22301.72188@reviews.apache.org> Reply-To: "Marshall Shi" --===============6285499203886205107== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/6198/ ----------------------------------------------------------- (Updated July 31, 2012, 2:52 a.m.) Review request for shindig, Ryan Baxter, Dan Dumont, and Stanton Sievers. Description ------- The gadgets/ifr endpoint will fetch the gadget xml first and then do the wh= ite list check. It is consuming resources to fetch content when the gadget = is not allowed to render according to the gadget admin. The proposed fix is to move the white list check ahead of processing the ga= dget xml. If the gadget is not allowed to show, an error message will be re= turned before doing the content fetching. = This addresses bug shindig-1830. https://issues.apache.org/jira/browse/shindig-1830 Diffs ----- http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/= org/apache/shindig/gadgets/process/Processor.java 1363665 = Diff: https://reviews.apache.org/r/6198/diff/ Testing ------- Thanks, Marshall Shi --===============6285499203886205107==--