[Building Sakai] Experiences with enabling content.html.forcedownload?

Will Humphries Will.Humphries at tufts.edu
Thu Nov 1 11:01:15 PDT 2012 

It sounds like hosting user-submitted content on a seperate domain works 
well for users authenticating with SSO. Has anyone tried this approach 
with any non-SSO auth users, i.e. local guest accounts? Any neat options 
to work around the lack of SSO?

-Will

On 10/29/12 7:16 PM, Steve Swinsburg wrote:
> Hi Kevin,
>
> Sakai 2.9 will include the ability for content to be hosted on a separate domain. It will be documented in the 2.9 release notes soon.
>
> cheers,
> Steve
>
>
> On 30/10/2012, at 2:46 AM, Kevin Pittman <kevin.pittman at oit.gatech.edu> wrote:
>
>> This past summer, we upgraded from Sakai 2.5 to 2.8, and chose to turn
>> off the content.html.forcedownload setting since we'd never had it in 2.5
>> and we didn't want to introduce such a notable change in functionality
>> without understanding it better.  We're now making plans for whether or
>> not to turn on that setting for our next semester, and I'd like to get
>> some input from the rest of the Sakai community if possible.
>>
>> Are there any other schools that moved from an early version of Sakai
>> to 2.8 and chose not to enable the forcedownload setting on their
>> instance?  If so, are you using some other technology to try to protect
>> against imbedded Javascript in uploaded HTML files?  If your school did
>> enable the setting, can you offer any insight into the problems it caused
>> at first and how you dealt with them?
>>
>> Since the big issue with the direct opening of HTML files is the potential
>> for Javascript to run in the same context as Sakai, has anyone ever looked
>> into a way of configuring Sakai CLE to behave like OAE, where content files
>> are delivered over a different port?  I'm no expert on Tomcat and Java, so
>> it may be completely infeasible, but I theorize that it might be possible
>> with some creative Tomcat reconfiguration.
>>
>> Thank you,
>> Kevin
>> Georgia Tech Sakai Application Administrator
>>
>> -- 
>> Kevin Pittman                              kevin.pittman at oit.gatech.edu
>> -----------------------------------------------------------------------
>> Senior Systems Support Engineer        Office of Information Technology
>> Academic and Research Technologies      Georgia Institute of Technology
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

More information about the sakai-dev mailing list