JDK-8033707 : Usage of blank '*" value in Caller-Allowable-Codebase needs to be better documented at the doc
  • Type: Bug
  • Component: docs
  • Affected Version: 7u55
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2014-02-05
  • Updated: 2014-04-17
  • Resolved: 2014-02-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u55Fixed 8u11Fixed 9Fixed
The usage of "*" to suppress warning dialog was forbidden in 7u55/8u5. The dialog is shown very first time when application is launched, If user selects to remember decision the next time application starts than no dialog is shown.


Support for wildcards in this attribute was not intended and has been fixed and documented in 7u55. It is worth noting that the restriction is not just for "*" stand alone, but also the use of "*" and top level domains, such as "*.org". An option to remember the choice is provided, and if the user chooses the option to remember the choice to run the RIA, no further warning messages are shown for the same RIA when run with JavaScript from the same source. Essentially, this should be a 1-time dialog in most circumstances.

The doc section that describes the Caller-Allowable-Codebase Attribute points back to the table for the Codebase attribute. However the Codebase attribute allows * and the Caller-Allowable-Codebase attribute does not. This needs to be corrected.