opensocial_viewerid not passed on gadgets.io.makeRequest() calls
Closed this issue · 2 comments
Original author: Thomas.B...@gmail.com (February 21, 2008 16:00:30)
Description of the bug/feature
==================================
When gadgets.io.makeRequest() is called, opensocial_viewerid is not
currently being passed even if the viewer has added the application.
What steps will reproduce the problem?
======================================
- Add an application that uses gadgets.io.makeRequest
- Run the code that makes the call
- Check the parameters passed in the call
What is the expected output?
============================
opensocial_viewerid should be included among the signed parameters passed
to the remote server.
What is the actual output?
==========================
opensocial_viwerid is not among the signed parameters passed to the remote
server.
Which container are you using?
==============================
This happens from both the profile and canvas view on orkut with
opensocial-0.7
Which browsers have you experienced this on?
============================================
Not particularly relevant, but consistent across Opera, Firefox, and IE.
Which operating systems have you experienced this on?
=====================================================
Vista, XP, Debian Etch
Please provide any additional information below.
This issue is being filed pursuant to the posts in
http://groups.google.com/group/opensocial-orkut/browse_thread/thread/
c11ed68173a2bc69/62528308a69e61cf on 20 Feb.
Original issue: http://code.google.com/p/opensocial-resources/issues/detail?id=70
From seanblag...@gmail.com on March 03, 2008 12:39:01
We really cannot have any sort of security and authentication to our app without
this. Babajob will not ship unless this feature is supported (we deal with sending
money to orkut users and if we cannot validate them, we cannot go live).
Sean
From lcd....@gmail.com on March 03, 2008 23:03:14
Seconded. We aren't sending money to anyone, but also cannot, in good conscience,
ship an app where users' accounts can be hacked because we don't have a signed
viewer parameters with which to authenticate them.