none
Yammer Webpart - Images not showing. RRS feed

  • Question

  • We have configured Yammer Sharepoint 2010 web part in our intranet and everything is looking fine except for the fact that no posted images are displayed in the Sharepoint.  I noticed from the fiddler 401 error on the image request. Could any one guide?thanks.


    Sutha Thavaratnarajah

    Monday, October 13, 2014 1:41 AM

Answers

  • I have received response from MS support.

    here is the response.

    In late 2013, we identified a potential security vulnerability in the architecture of the Yammer for SharePoint 2010 web-part. The web-part was routing its cross-domain requests to Yammer through an Adobe Flash proxy which was using a local security policy file. The request to the local policy file enables Yammer to essentially whitelist any domain. This is a vulnerability because if an attacker is aware of this mechanism, s/he can make requests to arbitrary Yammer urls and scrape content. We fixed this security vulnerability by removing the flash proxy thereby routing those calls to Yammer APIs through SharePoint servers. The authentication now happens at the SharePoint server, thus preventing any cross-site request forgery attacks. 

    A bug was later filed about images failing to render in the feed due to the image request not being routed through the SharePoint servers; 


    Sutha Thavaratnarajah

    Saturday, October 25, 2014 8:53 PM