Hello, I'm not sure where the best place to discuss this is. I created an issue [1] yesterday, but I suppose not too many people will find it there, so I am posting on the list too.
I will quote the issue here for reference:

In my current GWT project I need to make cross-site requests and, as we all know too well, with SOP it's not as easy as it should be, but there are various hacks available. I came up with a new one, which expands the window.name hack (a bit more detail at http://blog.piotrj.org/2009/04/wndowname-hack-taken-step-further-full.html ):

* Create an iframe
* Encode XHR params and a dummy localUrl in the iframe's window.name
* Change the iframe's location to the server's proxy script
* The proxy script reads params from window.name and creates the real XHR
* Fire the XHR and encode the response (all of it) in window.name
* Change the location back to localUrl
* Read the response from the iframe's window.name

It's more or less the url#communication hack, but with a better communication scheme. On the server side, all it needs is setting the caching headers for the proxy script.

I have a working patch implementing this in GWT, but before I go into details I would like to hear whether it's something that would be suitable for GWT in general. One thing that I think would be nice to do is to look at the HTML 5 cross-site XHR implementations and use them where available, and only fall back to this solution on older browsers.

---

Security-wise I think it can match the w3 spec, at least for GETs and POSTs (other methods are not supported in GWT anyway because of the Safari bug). The server would be required to send the access control headers then, but that's a good idea anyway as it will be required for the new cross-site XHR anyway.

[1] - http://code.google.com/p/google-web-toolkit/issues/detail?id=3722
[2] - http://www.w3.org/TR/access-control/

--
Best Regards,
Piotr Jaroszyński
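The window.name exchange and the access-control check described in the message above, as an added example that is not part of the original post or the GWT patch. The JSON envelope, the function names and the field names are assumptions; the proxy releases the response only when the server's Access-Control-Allow-Origin value admits the origin of localUrl.

```javascript
// Added illustration: all function and field names here are hypothetical.
const ALLOWED_METHODS = new Set(["GET", "POST"]); // the post covers GET and POST only

// Calling page: pack the XHR params and the return URL into the string
// that gets assigned to the iframe's window.name.
function encodeRequest(method, url, body, localUrl) {
  return JSON.stringify({ method, url, body, localUrl });
}

// Proxy script: window.name is untrusted input set by another page, so
// parse it defensively and reject anything outside the expected shape.
function decodeRequest(name) {
  let req;
  try { req = JSON.parse(name); } catch (e) { return null; }
  if (req === null || typeof req !== "object") return null;
  if (!ALLOWED_METHODS.has(req.method)) return null;
  if (typeof req.url !== "string" || typeof req.localUrl !== "string") return null;
  try {
    req.origin = new URL(req.localUrl).origin; // origin that will read the reply
  } catch (e) { return null; }
  return req;
}

// Proxy script: whatever is written to window.name becomes readable by the
// page at localUrl, so release the body only if the server's
// Access-Control-Allow-Origin value (null when absent) admits that origin.
function encodeResponse(req, status, text, allowOrigin) {
  const permitted = allowOrigin === "*" || allowOrigin === req.origin;
  return JSON.stringify(permitted
    ? { ok: true, status, text }
    : { ok: false, status: 0, text: "" });
}

// Calling page: read the reply back out of the iframe's window.name.
function decodeResponse(name) {
  try { return JSON.parse(name); } catch (e) { return { ok: false, status: 0, text: "" }; }
}
```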
