What protections does the xdm_e provide for remote procedure calls?

63 views
Skip to first unread message

Ransom Briggs

unread,
Jun 17, 2014, 5:51:23 PM6/17/14
to eas...@googlegroups.com
Hello,

I only want to allow certain trusted domains to communicate with my provider, and it seemed easier to ban this on the server side.  So basically if the domain were not trusted, the backend would serve up up a provider page with error methods, otherwise I would serve up the protected methods.  What I was wondering is if the xdm_e parameter enforces a domain check before executing rpc methods, or would I still need to that in my Javascript methods using rpc.origin?  I assumed this was the purpose of xdm_e, but wanted to verify.

Thanks,
Ransom
Reply all
Reply to author
Forward
0 new messages