Apache Wookie Release Notes
===========================
See https://issues.apache.org/jira/browse/WOOKIE-* (where * is the number of the issue below)
For more detailed information on significant changes, see NEW_AND_NOTEWORTHY
Version 0.12.0
==============
Bugs Fixed
==========
* WOOKIE-359 - Widget.preferences.setItem don't work if widget contains an iframe with a remote src
Improvements
============
* WOOKIE-325 - Add a "validate package" feature to the Wookie rest API
* WOOKIE-357 - Improved documentation to get started with the released war
New Features
============
* WOOKIE-139 - Implement the W3C XML Digital Signatures for Widgets specification in Wookie
* WOOKIE-362 - Allow Wookie to broadcast update status once a new widget is imported
Known Issues
============
* WOOKIE-222 - There is a known issue when using Tomcat 7.* with Wookie. When a widget is loaded,
  a browser alert box sometimes appears informing the user of a "Session Error".
  This is caused by the DWR library, which Wookie uses for Comet-based widgets, handling HTTP-only cookies incorrectly;
  Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.
  A workaround is to add the following to the WEB-INF/web.xml file:
    <init-param>
      <param-name>crossDomainSessionSecurity</param-name>
      <param-value>false</param-value>
    </init-param>
  Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
  implemented in DWR that conflicts with it.
  This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set).
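
A check for deployments where this workaround has been applied, given here as an added example (it is not part of the Wookie release or its code): it reads a web.xml and reports, for each DWR servlet, whether crossDomainSessionSecurity is still enabled. The sample web.xml, the servlet name dwr-invoker and the function names are constructed for illustration; the init-param is assumed to sit inside the DWR servlet's <servlet> element.

```python
import xml.etree.ElementTree as ET

DWR_SERVLET = "org.directwebremoting.servlet.DwrServlet"  # DWR's servlet class

# Constructed sample web.xml (not Wookie's shipped file); servlet name is illustrative.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>dwr-invoker</servlet-name>
    <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
    <init-param>
      <param-name>crossDomainSessionSecurity</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

def _local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    """Return the stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def dwr_cross_domain_settings(web_xml_text):
    """Map each DWR servlet name to its effective crossDomainSessionSecurity.
    True means the DWR check is on (its default when the parameter is absent);
    False means the workaround from the release notes has been applied."""
    root = ET.fromstring(web_xml_text)
    result = {}
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet" or \
                _child_text(servlet, "servlet-class") != DWR_SERVLET:
            continue
        enabled = True
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            if _child_text(param, "param-name") == "crossDomainSessionSecurity":
                # Conservative assumption: anything other than "true" counts as disabled.
                enabled = (_child_text(param, "param-value") or "").lower() == "true"
        result[_child_text(servlet, "servlet-name")] = enabled
    return result

if __name__ == "__main__":
    print(dwr_cross_domain_settings(SAMPLE_WEB_XML))
```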