15 years, 1 month ago
(2009-03-31 21:37:01 UTC)
#1
http://codereview.appspot.com/32091/diff/1/2
File draft/Gadgets-API-Specification.xml (right):
http://codereview.appspot.com/32091/diff/1/2#newcode677
Line 677: to distinguish proxied content renders from gadgets.io.makeRequest()
calls.
How about:
Remote sites that expect proxied content requests SHOULD reject requests that do
not have opensocial_proxied_content set to 1. If a remote site fails to
implement this check, any content in the POST body may be spoofed by a malicious
user or application.
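One way a remote site could implement the check proposed in this comment, as an added example that is not part of the review or the specification. The function names, handler and status codes are hypothetical, the sample URLs are constructed, and any request authentication the site uses is assumed to run separately.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter name taken from the proposed spec text.
PROXIED_PARAM = "opensocial_proxied_content"


def is_proxied_content_request(request_url: str) -> bool:
    """Return True only if the query string marks a proxied content render.

    Only the URL's query string is inspected. Form fields in the POST body
    are never consulted, because the body is the part that can be spoofed.
    Frameworks that merge query and body parameters into one collection
    would defeat the check, so the raw URL is parsed here instead.
    """
    query = urlsplit(request_url).query
    # keep_blank_values=True so "opensocial_proxied_content=" is seen
    # (and rejected) instead of being silently dropped.
    values = parse_qs(query, keep_blank_values=True).get(PROXIED_PARAM, [])
    # Require exactly one occurrence with the exact value "1". Duplicates are
    # rejected so a conflicting copy cannot be picked up by another layer.
    return values == ["1"]


def handle_proxied_content(request_url: str, post_body: bytes) -> int:
    """Hypothetical handler: returns the HTTP status the site would send."""
    if not is_proxied_content_request(request_url):
        return 403  # reject before trusting anything in post_body
    # A real site would process post_body here.
    return 200


if __name__ == "__main__":
    # Constructed sample requests.
    base = "https://remote.example/render"
    samples = [
        (base + "?opensocial_proxied_content=1", b"{}"),
        (base + "?view=home", b"opensocial_proxied_content=1"),
        (base + "?opensocial_proxied_content=1&opensocial_proxied_content=0", b"{}"),
    ]
    for url, body in samples:
        print(handle_proxied_content(url, body), url)
```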
Issue 32091: Address proxied content forging with new query parameter
(Closed)
Created 15 years, 1 month ago by awiner
Modified 14 years, 9 months ago
Reviewers:
Base URL: http://opensocial-resources.googlecode.com/svn/spec/
Comments: 1