Yeah, and it was really handy that it did let them through, as IE also lets the URLs through in web mode (if you've enabled it in IE's internet options). Great for testing.
I wasn't able to get a -whitelist option to work with 1.5.3 and hosted mode. Here's what I'm using: -whitelist "^http[:][/][/]localhost[:]8080[/]" Any suggestions on the -whitelist to use to get the above posted code to work in 1.5.3 hosted mode? Thanks. On Oct 21, 7:40 pm, "Sumit Chandel" <[EMAIL PROTECTED]> wrote: > Hello again, > As it turns out, the SOP warning message that hosted mode issues when trying > to make the request tohttp://localhost:8080/v1in 1.5.3 is an improvement > over 1.5.2. > > The embedded Tomcat server in hosted mode is actually running on port 8888, > so a request to port 8080 does indeed violate SOP and should not be allowed > to go through. In 1.5.2, it seems that hosted mode was still allowing > requests on different ports to go through, which is actually incorrect > behaviour that looks to now be fixed in 1.5.3. > > Hope that helps, > -Sumit Chandel > > On Tue, Oct 21, 2008 at 3:37 PM, Sumit Chandel <[EMAIL PROTECTED]>wrote: > > > > > Hello everyone, > > > Hosted mode does indeed respect SOP so as to closely reflect what your > > application would look like running in a deployed environment as you > > debug. You can pass in a -whitelist for specific cross-site URLs that > > you want to communicate with, but that should only be used for quick > > debug cycles to make sure that SOP problems aren't something that you > > forget about and get stuck on at the web mode testing or production > > stage. > > > That said, Brian's code snippet doesn't seem to suggest to be making a > > cross-site request, and so should work. I'm trying to reproduce this > > now to figure out what's going on. > > > Thanks, > > -Sumit Chandel > > > On Oct 21, 8:08 am, Alex Rice <[EMAIL PROTECTED]> wrote: > > > I hope someone can clarify this. I thought Hosted Mode did have the > > > SOP restriction and I'm pretty sure I did some testing with > > > RequestBuilder in 1.5.1 or 1.5.2 and saw the SOP restrictions. Being > > > new to GWT I thought this was just by design. I sure would be > > > convenient if hosted mode did not obey the SOP! > > > > Alex > > > > On Oct 21, 8:36 am, JY <[EMAIL PROTECTED]> wrote: > > > > > I'm hitting the same problem with 1.5.3 as well. Now, I'm forced to > > > > use the -noserver mode. I hope that same policy origin check can be > > > > removed from the latest build. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
