I was writing a new (GWT!) TeamCity plugin Friday for the plasmas around the office used to show each team's build state. Because it cannot use JSONP, I had to use a XHR, but I don't develop on the same machine as the TC server, since the domain and ports would need to match and that would cause conflicts for the dev mode server.
I thus had a similar issue as you mention, needing to get around SOP for dev mode, but not in production (where plugin will be on same server). The solution is to just disable SOP in your dev browser. Sure, I know this is risky, but I have a custom install of Chrome just for this, so I'm not visiting hackzor sites with it. Chrome: start with* --disable-web-security* Safari: start with* --disable-web-security** * IE: too bad :( Firefox: Use the Force CORS plugin<https://addons.mozilla.org/en-US/firefox/addon/forcecors/> OR in FF set the privilege manually, but this will prompt you to confirm try { netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");} catch (e) { alert("UniversalBrowserRead failed");} Oh, and for the question "Why not just use JSONP?" the Team City REST API needs an *Accept *header set to the JSON MIME type or it returns XML. AFAIK you cannot do XML through JsonpRequest. So, given the JsonpRequest is not a true *request*, but a <script> tag hack, there is no way to set the headers on it like an XHR. I've opened a bug<http://youtrack.jetbrains.com/issue/TW-21982>about this, to add a format=[XML|JSON] flag like more API's have for this reason. Vote it up if you've the same issue. I hope the helps. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/8RyZWgcwXmwJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
