Rietveld Code Review Tool

Issue 28115: Add option to force verifiable-parent message transport to rpc.js (Closed)

Created: 16 years, 6 months ago by johnfargo
Modified: 16 years, 1 month ago
Reviewers: beaton, shindig.remailer
Base URL: https://svn.apache.org/repos/asf/incubator/shindig/trunk/features
Visibility: Public.

Description

Some type=url gadgets may retrieve sensitive data via cookie, and potentially communicate that data to their container by way of gadgets.rpc. In this case, such gadgets need to verify their parent to avoid this data being stolen by a malicious website. The attached patch forces use of a "verifiable parent" message transport - currently, only IFPC fits this description, as a transport whose relayUrl can be trusted for its host information, when the message is sent correctly at all.

Patch Set 1 #

src/main/javascript/features/rpc/rpc.js: 1 chunk, +11 lines, -0 lines, 0 comments

Messages

Total messages: 1
johnfargo
16 years, 6 months ago (2009-03-26 22:26:41 UTC) #1

          
