Jens, Appreciate the response. You have confirmed my fears. Your point about using a proxy is interesting. Can you help me understand how that would work. I gave this some thought in the beginning. Its not like GWT-RPC or any other AJAX style invocation from client is exempt from SOP. Then how would the proxy approach really work?
1. GWT client talks to GWT server component using Requestbuilder which has the ability to pass custom headers. This is async 2. What does the server do? Make another http call to the server in the other domain? Thanks in advance for any details you can provide Bindu On Wednesday, December 4, 2013 3:38:27 PM UTC-8, Jens wrote: > > JSONP boils down to a <script> tag inserted in your document. Thats why > you only have URL parameters. > > What you need is CORS: > http://de.wikipedia.org/wiki/Cross-Origin_Resource_Sharing > > If the external server is not configured for CORS and you don't have > control of that server then your only option is to use a server on your own > domain and let it fetch the REST data for you (kind of a proxy). On your > server you can do a normal HTTP request including auth headers. > > -- J. > > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/groups/opt_out.
