United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-8033707 Usage of blank '*" value in Caller-Allowable-Codebase needs to be better documented at the doc
JDK-8033707 : Usage of blank '*" value in Caller-Allowable-Codebase needs to be better documented at the doc

Details
Type:
Bug
Submit Date:
2014-02-05
Status:
Resolved
Updated Date:
2014-04-17
Project Name:
JDK
Resolved Date:
2014-02-18
Component:
docs
OS:
Sub-Component:
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
7u55
Fixed Versions:
8u5 (b09)

Related Reports
Backport:
Backport:
Backport:
Backport:
Backport:
Backport:

Sub Tasks

Description
The usage of "*" to suppress warning dialog was forbidden in 7u55/8u5. The dialog is shown very first time when application is launched, If user selects to remember decision the next time application starts than no dialog is shown.


http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#codebase 

                                    

Comments
The doc section that describes the Caller-Allowable-Codebase Attribute points back to the table for the Codebase attribute.  However the Codebase attribute allows * and the Caller-Allowable-Codebase attribute does not.  This needs to be corrected.
                                     
2014-02-06
Support for wildcards in this attribute was not intended and has been fixed and documented in 7u55.  It is worth noting that the restriction is not just for "*" stand alone, but also the use of "*" and top level domains, such as "*.org".  

An option to remember the choice is provided, and if the user chooses the option to remember the choice to run the RIA, no further warning messages are shown for the same RIA when run with JavaScript from the same source.  

Essentially, this should be a 1-time dialog in most circumstances.
                                     
2014-04-17



Hardware and Software, Engineered to Work Together