Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8033707

Usage of blank '*" value in Caller-Allowable-Codebase needs to be better documented at the doc

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 7u55
    • Fix Version/s: 8u5
    • Component/s: docs
    • Labels:
    • Resolved In Build:
      b09

      Backports

        Description

        The usage of "*" to suppress warning dialog was forbidden in 7u55/8u5. The dialog is shown very first time when application is launched, If user selects to remember decision the next time application starts than no dialog is shown.


        http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#codebase

          Activity

          Hide
          mwthomps Marty Thompson added a comment -
          The doc section that describes the Caller-Allowable-Codebase Attribute points back to the table for the Codebase attribute. However the Codebase attribute allows * and the Caller-Allowable-Codebase attribute does not. This needs to be corrected.
          Show
          mwthomps Marty Thompson added a comment - The doc section that describes the Caller-Allowable-Codebase Attribute points back to the table for the Codebase attribute. However the Codebase attribute allows * and the Caller-Allowable-Codebase attribute does not. This needs to be corrected.
          Hide
          donsmith Donald Smith added a comment -
          Support for wildcards in this attribute was not intended and has been fixed and documented in 7u55. It is worth noting that the restriction is not just for "*" stand alone, but also the use of "*" and top level domains, such as "*.org".

          An option to remember the choice is provided, and if the user chooses the option to remember the choice to run the RIA, no further warning messages are shown for the same RIA when run with JavaScript from the same source.

          Essentially, this should be a 1-time dialog in most circumstances.
          Show
          donsmith Donald Smith added a comment - Support for wildcards in this attribute was not intended and has been fixed and documented in 7u55. It is worth noting that the restriction is not just for "*" stand alone, but also the use of "*" and top level domains, such as "*.org". An option to remember the choice is provided, and if the user chooses the option to remember the choice to run the RIA, no further warning messages are shown for the same RIA when run with JavaScript from the same source. Essentially, this should be a 1-time dialog in most circumstances.

            People

            • Assignee:
              jgordon Joni Gordon
              Reporter:
              dtitov Daniil Titov
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: