Adding <add-linker name="xs" /> did the trick. After I added it I could see the StockWatcher application from http://www.example.com/StockWatcher.html.
Now I need to test out some request/response processing but it's a good start in the right direction. Thanks! On Aug 18, 3:27 am, Thomas Broyer <[email protected]> wrote: > On 18 août, 01:08, Everett <[email protected]> wrote: > > > > > Hi All, > > > I would like to allow a particular set of other domains to access my > > GWT application (running on Google App Engine). Is this possible with > > GWT and how to do it? > > > For example: > > > Let's say I have the StockWatcher application from the tutorial > > running onhttp://stockwatcher.appspot.com. Part of the page > > StockWatcher.html are the lines > > > <link type="text/css" rel="stylesheet" href="StockWatcher.css"> > > ... > > <script type="text/javascript" language="javascript" src="stockwatcher/ > > stockwatcher.nocache.js"></script> > > > The application is run ashttp://stockwatcher.appspot.com/StockWatcher.html > > and everything works fine. > > > Now let's say I want to also allow example.com to run my StockWatcher > > application. I tell them to make a copy of StockWatcher.html in their > > root directory and change the lines above to > > > <link type="text/css" rel="stylesheet" href="http:// > > stockwatcher.appspot.com/StockWatcher.css"> > > ... > > <script type="text/javascript" language="javascript" src="http:// > > stockwatcher.appspot.com/stockwatcher/stockwatcher.nocache.js"></ > > script> > > > The application is run ashttp://www.example.com/StockWatcher.html > > and, ideally, everything works fine. > > > I tried a scenario similar to this but when I > > viewedhttp://www.example.com/StockWatcher.htmlIdidn't see the StockWatcher > > application and no errors were reported. When I view the source of > > the page everything looks fine to me. > > > My questions are: > > > 1. Is this kind of application deployment possible in GWT? > > yes, provided the app doesn't talk to the server using GWT-RPC or > similar (Google for "same origin policy" to understand why) or the > "domain" where the app runs also runs a "proxy" (the app calls the > proxy at the same origin, which relays the requests to your AppEngine > app, therefore bypassing the SOP restriction) > In the near future, browsers will implement CORS <http://www.w3.org/TR/ > cors> which will enable "safe" cross-origin requests (similar to Flash > and IE8's XDomainRequest), but for now you'll have to go the "proxy" > way (or use ugly hacks such as JSONP and/or "post form to hidden > iframe which then sets window.name") > > > 2. If so, how would you go about doing it? I'm a developer new to GWT > > so I just need a kick in the right direction. > > Add <add-linker name="xs" /> (it's known as the "cross site linker") > to your module's gwt.xml to generate *.cache.js instead of > *.cache.html; that way it won't use an iframe and won't face the same- > origin policy that have been blocking you in your experiment. But your > app will run in the context of the page instead of being "sandboxed" > in an iframe, which means that if another script modifies, say, the > Array object, you might run into troubles (this is not quite likely > but it's still a possibility). > I think the choice of GWT to run within an iframe by default also has > to do with caching wrt IE (or was it Firefox?) and/or HTTPS, which > caches *.html well but won't cache *.js... > > > 3. How would you get the example.com domain to check it against a > > whitelist of allowed domains in the GWT application? > > In your app, in onModuleLoad, check that Window.Location.getHostName() > is what you expect. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
