On Tue, Mar 31, 2009 at 2:37 PM, <bea...@google.com> wrote:
>
> http://codereview.appspot.com/32091/diff/1/2
> File draft/Gadgets-API-Specification.xml (right):
>
> http://codereview.appspot.com/32091/diff/1/2#newcode677
> Line 677: to distinguish proxied content renders from
> gadgets.io.makeRequest() calls.
> How about:
>
> Remote sites that expect proxied content requests SHOULD reject requests
> that do not have opensocial_proxied_content set to 1. If a remote site
> fails to implement this check, any content in the POST body may be
> spoofed by a malicious user or application.
>
> http://codereview.appspot.com/32091
>
Ok.+1