On 18 août, 01:08, Everett <[email protected]> wrote:
> Hi All,
>
> I would like to allow a particular set of other domains to access my
> GWT application (running on Google App Engine). Is this possible with
> GWT and how to do it?
>
> For example:
>
> Let's say I have the StockWatcher application from the tutorial
> running onhttp://stockwatcher.appspot.com. Part of the page
> StockWatcher.html are the lines
>
> <link type="text/css" rel="stylesheet" href="StockWatcher.css">
> ...
> <script type="text/javascript" language="javascript" src="stockwatcher/
> stockwatcher.nocache.js"></script>
>
> The application is run ashttp://stockwatcher.appspot.com/StockWatcher.html
> and everything works fine.
>
> Now let's say I want to also allow example.com to run my StockWatcher
> application. I tell them to make a copy of StockWatcher.html in their
> root directory and change the lines above to
>
> <link type="text/css" rel="stylesheet" href="http://
> stockwatcher.appspot.com/StockWatcher.css">
> ...
> <script type="text/javascript" language="javascript" src="http://
> stockwatcher.appspot.com/stockwatcher/stockwatcher.nocache.js"></
> script>
>
> The application is run ashttp://www.example.com/StockWatcher.html
> and, ideally, everything works fine.
>
> I tried a scenario similar to this but when I
> viewedhttp://www.example.com/StockWatcher.htmlI didn't see the StockWatcher
> application and no errors were reported. When I view the source of
> the page everything looks fine to me.
>
> My questions are:
>
> 1. Is this kind of application deployment possible in GWT?
yes, provided the app doesn't talk to the server using GWT-RPC or
similar (Google for "same origin policy" to understand why) or the
"domain" where the app runs also runs a "proxy" (the app calls the
proxy at the same origin, which relays the requests to your AppEngine
app, therefore bypassing the SOP restriction)
In the near future, browsers will implement CORS <http://www.w3.org/TR/
cors> which will enable "safe" cross-origin requests (similar to Flash
and IE8's XDomainRequest), but for now you'll have to go the "proxy"
way (or use ugly hacks such as JSONP and/or "post form to hidden
iframe which then sets window.name")
> 2. If so, how would you go about doing it? I'm a developer new to GWT
> so I just need a kick in the right direction.
Add <add-linker name="xs" /> (it's known as the "cross site linker")
to your module's gwt.xml to generate *.cache.js instead of
*.cache.html; that way it won't use an iframe and won't face the same-
origin policy that have been blocking you in your experiment. But your
app will run in the context of the page instead of being "sandboxed"
in an iframe, which means that if another script modifies, say, the
Array object, you might run into troubles (this is not quite likely
but it's still a possibility).
I think the choice of GWT to run within an iframe by default also has
to do with caching wrt IE (or was it Firefox?) and/or HTTPS, which
caches *.html well but won't cache *.js...
> 3. How would you get the example.com domain to check it against a
> whitelist of allowed domains in the GWT application?
In your app, in onModuleLoad, check that Window.Location.getHostName()
is what you expect.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
