Hi JP, The SOP violation has to do with browser restrictions rather than server-side technology such as J2EE.
The browser itself enforces single origin policy, which is what prevents cross-site calls to external domains or different ports. The fact that hosted mode permitted calls to different ports prior to 1.5.3 is actually a bug because it allowed non-standard behaviour. However, it seems like a few community members feel strongly about this change in hosted mode in 1.5.3. The argument is that allowing calls to different ports actually helped speed up the development cycle by allowing shortcuts to setup proxies or makeshift test servers. I believe the right way to deal with the problem is to use hosted mode with the -noserver argument, as it will allow for custom setups using proxies. However, for those who feel strongly about the change, I would suggest creating an issue report on the Issue Tracker for this feature and starring it for all those interested in seeing it in core. That way it will be on the team's radar if enough people believe it should be an included feature. Issue Tracker: http://code.google.com/p/google-web-toolkit/issues/list Hope that helps, -Sumit Chandel On Fri, Nov 21, 2008 at 1:23 PM, jpnet <[EMAIL PROTECTED]> wrote: > > This is not a feature! Please fix this. Allow us developers to > violate the SOP via the Hosted-Mode browsers. You are screwing your > developers that don't use J2EE on the backend. > > -JP > > On Nov 19, 7:33 pm, Sumit Chandel <[EMAIL PROTECTED]> wrote: > > Hi Danny, > > > > The issue you ran into is not actually a bug but an improvement in 1.5.3 > in > > terms of browser security compliance. > > > > Basically, the remote data you are fetching is indeed violating the > single > > origin policy, which is why you are seeing the error message come up in > the > > hosted mode console. > > > > The two ways to enable cross-site communication would be to use -noserver > > with a proxy that could delegate the calls or using the JSONP technique. > > Both are described in a bit more detail on the Groups post linked below: > > > > http://groups.google.com/group/Google-Web-Toolkit/browse_thread/threa... > > > > Hope that helps, > > -Sumit Chandel > > > > On Thu, Nov 13, 2008 at 5:05 PM, Danny <[EMAIL PROTECTED]> wrote: > > > > > Just thought I'd post an update... > > > > > I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this > > > is a bug with 1.5.3. > > > > > Regards, > > > Danny > > > > > On Nov 14, 12:40 am, Danny <[EMAIL PROTECTED]> wrote: > > > > Hi All, > > > > > > I finally got round to making my app run in 1.5 and all is looking > > > > good. However I often use hosted mode with remote data, which helps > > > > massively when debugging issues. I am using RequestBuilder. > > > > > > I'm getting a weird error in 1.5, if I switch back to 1.4 it works > > > > perfectly. I get the following when in hosted mode. > > > > > > The URLhttp://x.x.x.x/yyyy.zzzisinvalid or violates the same-origin > > > > security restriction > > > > > > I've enabled cross-brower communication in Internet Explorer and > added > > > > the site to my Local Intranet, but still not joy. > > > > > > Can anyone shed any light on this? > > > > > > Many thanks, > > > > Danny > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
