Re: SuperDevMode and same origin policy

2015-10-23 Thread Jens 


> Thomas, you are right. I had some conditional logic which chose which 
> scripts should be loaded in production or dev mode (original or minified 
> and merged) but I used GWT.isProdMode() and forgot that in SDM it returns 
> true... Sorry for that.
>

You can use the following in your condition:

public static boolean isSDM() {
  return GWT.isScript() && !GWT.getModuleBaseForStaticFiles().equals(GWT.
getModuleBaseURL());
}


-- J.

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2015-10-23 Thread Greg 
Thomas, you are right. I had some conditional logic which chose which 
scripts should be loaded in production or dev mode (original or minified 
and merged) but I used GWT.isProdMode() and forgot that in SDM it returns 
true... Sorry for that.

On Thursday, October 22, 2015 at 10:36:57 PM UTC+2, Thomas Broyer wrote:
>
> Aren't public sources copied to launcherDir on startup? Isn't it possible 
> to load the files from the appropriate origin?

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2015-10-23 Thread Thomas Broyer 


On Friday, October 23, 2015 at 1:14:31 PM UTC+2, Jens wrote:
>
>
> Thomas, you are right. I had some conditional logic which chose which 
>> scripts should be loaded in production or dev mode (original or minified 
>> and merged) but I used GWT.isProdMode() and forgot that in SDM it returns 
>> true... Sorry for that.
>>
>
> You can use the following in your condition:
>
> public static boolean isSDM() {
>   return GWT.isScript() && !GWT.getModuleBaseForStaticFiles().equals(GWT.
> getModuleBaseURL());
> }
>
>
>
And in GWT 2.8+ Boolean.parseBoolean(System.getProperty("superdevmode")) ;-)
(which reminds me that Boolean.getBoolean() and friends aren't emulated)

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2015-10-22 Thread Greg 
Thanks JonL,

I'm aware of CORS headers, but unfortunately this case is different. 
Currently WebWorker will not start if it's not in the same origin as the 
context that wants to start it... According to the spec it should start in 
different security context but that's not yet supported in browsers.

The other idea I came up was to fetch worker code with ajax and use it as a 
blob: uri, but I would have to do the same for all imported scripts which 
is not that nice considering the fact that I already have a fallback for a 
situation when workers are not supported.

On Thursday, October 22, 2015 at 3:34:26 PM UTC+2, JonL wrote:
>
> Greg,
>
> You can create a filter that will set the appropriate headers for things 
> served from the CodeServer with a filter like the one below (from 
> https://spring.io/guides/gs/rest-service-cors/) .
>
>
> public class SimpleCORSFilter implements Filter {
>
>   public void doFilter(ServletRequest req, ServletResponse res, 
> FilterChain chain) throws IOException, ServletException {
>   HttpServletResponse response = (HttpServletResponse) res;
>   response.setHeader("Access-Control-Allow-Origin", "*");
>   response.setHeader("Access-Control-Allow-Methods", "POST, GET, 
> PUT, OPTIONS, DELETE");
>   response.setHeader("Access-Control-Max-Age", "3600");
>   response.setHeader("Access-Control-Allow-Headers", "Origin, 
> X-Requested-With, Content-Type, Accept");
>   chain.doFilter(req, res);
>   }
>
>   public void init(FilterConfig filterConfig) {}
>
>   public void destroy() {}
> }
>
>
>
> Only use this filter in dev mode though, remove it from the web.xml for 
> production.
>
> On Wednesday, October 21, 2015 at 8:02:56 AM UTC-7, Greg wrote:
>>
>> Hi
>>
>> This is an old thread but I have similar SOP issue:
>>
>> I have a host page in the root of the webapp: /index.html
>> I also have a web worker on public path which ends up in 
>> /worker/Name.worker.js
>>
>> I'm starting the worker using 'new Worker(); 
>> which is based on GWT.getModuleBaseUrlForStaticFiles();
>>
>> The problem is when running in SDM public path is hosted from CodeServer 
>> and not from DevMode server where host page is located:
>> http://localhost:/index.html
>> http://localhost:9876//worker/Name.worker.js
>>
>> Is there any workaround for this except moving worker file from public 
>> path to webapp directory?
>>
>> Greg
>>
>> On Monday, March 4, 2013 at 11:22:45 AM UTC+1, Thomas Broyer wrote:
>>>
>>>
>>>
>>> On Monday, March 4, 2013 10:45:35 AM UTC+1, Harold wrote:

 Hi Thomas,

 Thanks for you answer.

 Following your suggestion ( new Image(myImageResource) ), there is no 
 more security error :)

 All my textures are loaded but are almost empties. According to 
 WebGLInspector all textures have size 1x1 with a transparent pixel.
 It looks like that the HTMLImageElement obtained via image.getElement() 
 is not properly filled now.

 An idea about that ?

>>>
>>> The image then is probably a "clipped image" using a sprited image: the 
>>> image itself is a 1×1px transparent gif (clear.cache.gif, served from the 
>>> same origin as the app) and the image is set as its background, with 
>>> background-position and clip to only show the portion of the sprited image 
>>> that corresponds to the original image. That makes me think we should add a 
>>> isComplete() or isSprited() to ImageResource to "optimize" the way we 
>>> create Image widgets out of ImageResources (which I happen to have already 
>>> proposed in issue 7403 
>>> ).
>>>
>>> Anyway, that explains why the security error has vanished.
>>> So in the mean time, revert to "new Image(myImageResource.getSafeUri())" 
>>> (no need to use asString(), there's an overload taking a SafeUri argument), 
>>> but then I bet you'll have the security error back…
>>>


-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2015-10-22 Thread Thomas Broyer 
Aren't public sources copied to launcherDir on startup? Isn't it possible to 
load the files from the appropriate origin?

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2015-10-22 Thread JonL 
Greg,

You can create a filter that will set the appropriate headers for things 
served from the CodeServer with a filter like the one below (from 
https://spring.io/guides/gs/rest-service-cors/) .


public class SimpleCORSFilter implements Filter {

public void doFilter(ServletRequest req, ServletResponse res, 
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, 
PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, 
X-Requested-With, Content-Type, Accept");
chain.doFilter(req, res);
}

public void init(FilterConfig filterConfig) {}

public void destroy() {}
}



Only use this filter in dev mode though, remove it from the web.xml for 
production.

On Wednesday, October 21, 2015 at 8:02:56 AM UTC-7, Greg wrote:
>
> Hi
>
> This is an old thread but I have similar SOP issue:
>
> I have a host page in the root of the webapp: /index.html
> I also have a web worker on public path which ends up in 
> /worker/Name.worker.js
>
> I'm starting the worker using 'new Worker(); 
> which is based on GWT.getModuleBaseUrlForStaticFiles();
>
> The problem is when running in SDM public path is hosted from CodeServer 
> and not from DevMode server where host page is located:
> http://localhost:/index.html
> http://localhost:9876//worker/Name.worker.js
>
> Is there any workaround for this except moving worker file from public 
> path to webapp directory?
>
> Greg
>
> On Monday, March 4, 2013 at 11:22:45 AM UTC+1, Thomas Broyer wrote:
>>
>>
>>
>> On Monday, March 4, 2013 10:45:35 AM UTC+1, Harold wrote:
>>>
>>> Hi Thomas,
>>>
>>> Thanks for you answer.
>>>
>>> Following your suggestion ( new Image(myImageResource) ), there is no 
>>> more security error :)
>>>
>>> All my textures are loaded but are almost empties. According to 
>>> WebGLInspector all textures have size 1x1 with a transparent pixel.
>>> It looks like that the HTMLImageElement obtained via image.getElement() 
>>> is not properly filled now.
>>>
>>> An idea about that ?
>>>
>>
>> The image then is probably a "clipped image" using a sprited image: the 
>> image itself is a 1×1px transparent gif (clear.cache.gif, served from the 
>> same origin as the app) and the image is set as its background, with 
>> background-position and clip to only show the portion of the sprited image 
>> that corresponds to the original image. That makes me think we should add a 
>> isComplete() or isSprited() to ImageResource to "optimize" the way we 
>> create Image widgets out of ImageResources (which I happen to have already 
>> proposed in issue 7403 
>> ).
>>
>> Anyway, that explains why the security error has vanished.
>> So in the mean time, revert to "new Image(myImageResource.getSafeUri())" 
>> (no need to use asString(), there's an overload taking a SafeUri argument), 
>> but then I bet you'll have the security error back…
>>
>>>

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2015-10-21 Thread Greg 
Hi

This is an old thread but I have similar SOP issue:

I have a host page in the root of the webapp: /index.html
I also have a web worker on public path which ends up in 
/worker/Name.worker.js

I'm starting the worker using 'new Worker(); 
which is based on GWT.getModuleBaseUrlForStaticFiles();

The problem is when running in SDM public path is hosted from CodeServer 
and not from DevMode server where host page is located:
http://localhost:/index.html
http://localhost:9876//worker/Name.worker.js

Is there any workaround for this except moving worker file from public path 
to webapp directory?

Greg

On Monday, March 4, 2013 at 11:22:45 AM UTC+1, Thomas Broyer wrote:
>
>
>
> On Monday, March 4, 2013 10:45:35 AM UTC+1, Harold wrote:
>>
>> Hi Thomas,
>>
>> Thanks for you answer.
>>
>> Following your suggestion ( new Image(myImageResource) ), there is no 
>> more security error :)
>>
>> All my textures are loaded but are almost empties. According to 
>> WebGLInspector all textures have size 1x1 with a transparent pixel.
>> It looks like that the HTMLImageElement obtained via image.getElement() 
>> is not properly filled now.
>>
>> An idea about that ?
>>
>
> The image then is probably a "clipped image" using a sprited image: the 
> image itself is a 1×1px transparent gif (clear.cache.gif, served from the 
> same origin as the app) and the image is set as its background, with 
> background-position and clip to only show the portion of the sprited image 
> that corresponds to the original image. That makes me think we should add a 
> isComplete() or isSprited() to ImageResource to "optimize" the way we 
> create Image widgets out of ImageResources (which I happen to have already 
> proposed in issue 7403 
> ).
>
> Anyway, that explains why the security error has vanished.
> So in the mean time, revert to "new Image(myImageResource.getSafeUri())" 
> (no need to use asString(), there's an overload taking a SafeUri argument), 
> but then I bet you'll have the security error back…
>
>>

-- 
You received this message because you are subscribed to the Google Groups "GWT 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

Re: SuperDevMode and same origin policy

2013-03-04 Thread Thomas Broyer 
On Sunday, March 3, 2013 10:52:29 PM UTC+1, Harold wrote:

 Hi all,

 I am using super dev mode and i have an issue, i think,, with same origin 
 policy.

 I have a ClientBundle containing many ImageResource which will be used as 
 WebGL textures.

 To load those images i do :

 Image image = new Image(myImageResource.getSafeUri().asString();


Don't do that. Use new Image(myImageResource), or use a DataResource.
 

 RootLayoutPanel.get().add(image);
 image.setVisible(false);
 this.img.addLoadHandler(this);
 this.img.addErrorHandler(this);

 where this is a class implenting LoadHandler and ErrorHandler.

 Then in the onLoad method :

 this.InitializeTexture(this.img.getElement());
 RootLayoutPanel.get().remove(this.img);

 And finally the InitializeTexture :

 /**
 * \brief Initializes the gl texture with the loaded image.
 */
 public void InitializeTexture(Element inElement)
 {
 // Set current texture object as active
 this.Bind(WebGLRenderingContext.TEXTURE_2D);
   // If generating mipmap is requested, parameter the texture filtering 
 to using them and generate mipmaps ...
  if(this.generateMipmap)
 {
 this.gl.texParameteri(WebGLRenderingContext.TEXTURE_2D, 
 WebGLRenderingContext.TEXTURE_MAG_FILTER, WebGLRenderingContext.LINEAR);
  this.gl.texParameteri(WebGLRenderingContext.TEXTURE_2D, 
 WebGLRenderingContext.TEXTURE_MIN_FILTER, 
 WebGLRenderingContext.LINEAR_MIPMAP_NEAREST);
 this.gl.generateMipmap(WebGLRenderingContext.TEXTURE_2D);
  }
 else // else do not use mipmap
 {
 this.gl.texParameteri(WebGLRenderingContext.TEXTURE_2D, 
 WebGLRenderingContext.TEXTURE_MAG_FILTER, WebGLRenderingContext.LINEAR);
  this.gl.texParameteri(WebGLRenderingContext.TEXTURE_2D, 
 WebGLRenderingContext.TEXTURE_MIN_FILTER, WebGLRenderingContext.LINEAR);
 }
  this.gl.texParameteri(WebGLRenderingContext.TEXTURE_2D, 
 WebGLRenderingContext.TEXTURE_WRAP_S, WebGLRenderingContext.CLAMP_TO_EDGE);
  this.gl.texParameteri(WebGLRenderingContext.TEXTURE_2D, 
 WebGLRenderingContext.TEXTURE_WRAP_T, WebGLRenderingContext.CLAMP_TO_EDGE);
  // And finaly, set the image pixels data in the texture object.
 this.gl.texImage2D(WebGLRenderingContext.TEXTURE_2D, 0, 
 WebGLRenderingContext.RGBA, WebGLRenderingContext.RGBA, 
 WebGLRenderingContext.UNSIGNED_BYTE, inElement);
  // Finaly unbind the texture object
 this.Unbind(WebGLRenderingContext.TEXTURE_2D);
 }

 All is ok in production mode but when i use superdevmode i get under 
 chrome and firefox a security error while calling texImage2D method.

 Do you think that is a SOP issue ?


See 
http://www.w3.org/html/wg/drafts/html/master/embedded-content-0.html#security-with-canvas-elements
Though SuperDevMode sends Access-Control-Allow-Origin: * so it should 
work…
 

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: SuperDevMode and same origin policy

2013-03-04 Thread Harold Comere 
Hi Thomas,

Thanks for you answer.

Following your suggestion ( new Image(myImageResource) ), there is no more
security error :)

All my textures are loaded but are almost empties. According to
WebGLInspector all textures have size 1x1 with a transparent pixel.
It looks like that the HTMLImageElement obtained via image.getElement() is
not properly filled now.

An idea about that ?

Regards,
Harold




2013/3/4 Thomas Broyer t.bro...@gmail.com

 On Sunday, March 3, 2013 10:52:29 PM UTC+1, Harold wrote:

 Hi all,

 I am using super dev mode and i have an issue, i think,, with same origin
 policy.

 I have a ClientBundle containing many ImageResource which will be used as
 WebGL textures.

 To load those images i do :

 Image image = new Image(myImageResource.**getSafeUri().asString();


 Don't do that. Use new Image(myImageResource), or use a DataResource.


 RootLayoutPanel.get().add(**image);
 image.setVisible(false);
 this.img.addLoadHandler(this);
 this.img.addErrorHandler(this)**;

 where this is a class implenting LoadHandler and ErrorHandler.

 Then in the onLoad method :

 this.InitializeTexture(this.**img.getElement());
 RootLayoutPanel.get().remove(**this.img);

 And finally the InitializeTexture :

 /**
 * \brief Initializes the gl texture with the loaded image.
 */
 public void InitializeTexture(Element inElement)
 {
 // Set current texture object as active
 this.Bind(**WebGLRenderingContext.TEXTURE_**2D);
   // If generating mipmap is requested, parameter the texture filtering
 to using them and generate mipmaps ...
  if(this.generateMipmap)
 {
 this.gl.texParameteri(**WebGLRenderingContext.TEXTURE_**2D,
 WebGLRenderingContext.TEXTURE_**MAG_FILTER,
 WebGLRenderingContext.LINEAR);
  this.gl.texParameteri(**WebGLRenderingContext.TEXTURE_**2D,
 WebGLRenderingContext.TEXTURE_**MIN_FILTER, WebGLRenderingContext.LINEAR_
 **MIPMAP_NEAREST);
 this.gl.generateMipmap(**WebGLRenderingContext.TEXTURE_**2D);
  }
 else // else do not use mipmap
 {
 this.gl.texParameteri(**WebGLRenderingContext.TEXTURE_**2D,
 WebGLRenderingContext.TEXTURE_**MAG_FILTER,
 WebGLRenderingContext.LINEAR);
  this.gl.texParameteri(**WebGLRenderingContext.TEXTURE_**2D,
 WebGLRenderingContext.TEXTURE_**MIN_FILTER,
 WebGLRenderingContext.LINEAR);
 }
  this.gl.texParameteri(**WebGLRenderingContext.TEXTURE_**2D,
 WebGLRenderingContext.TEXTURE_**WRAP_S, WebGLRenderingContext.CLAMP_**
 TO_EDGE);
  this.gl.texParameteri(**WebGLRenderingContext.TEXTURE_**2D,
 WebGLRenderingContext.TEXTURE_**WRAP_T, WebGLRenderingContext.CLAMP_**
 TO_EDGE);
  // And finaly, set the image pixels data in the texture object.
 this.gl.texImage2D(**WebGLRenderingContext.TEXTURE_**2D, 0,
 WebGLRenderingContext.RGBA, WebGLRenderingContext.RGBA,
 WebGLRenderingContext.**UNSIGNED_BYTE, inElement);
  // Finaly unbind the texture object
 this.Unbind(**WebGLRenderingContext.TEXTURE_**2D);
 }

 All is ok in production mode but when i use superdevmode i get under
 chrome and firefox a security error while calling texImage2D method.

 Do you think that is a SOP issue ?


 See
 http://www.w3.org/html/wg/drafts/html/master/embedded-content-0.html#security-with-canvas-elements
 Though SuperDevMode sends Access-Control-Allow-Origin: * so it should
 work…


 --
 You received this message because you are subscribed to the Google Groups
 Google Web Toolkit group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to google-web-toolkit+unsubscr...@googlegroups.com.
 To post to this group, send email to google-web-toolkit@googlegroups.com.
 Visit this group at
 http://groups.google.com/group/google-web-toolkit?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.






-- 
*Small WebGL 3D engine for GWT*
*http://code.google.com/p/ethereal-engine/*http://code.google.com/p/ethereal-engine/

-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: SuperDevMode and same origin policy

2013-03-04 Thread Thomas Broyer 


On Monday, March 4, 2013 10:45:35 AM UTC+1, Harold wrote:

 Hi Thomas,

 Thanks for you answer.

 Following your suggestion ( new Image(myImageResource) ), there is no 
 more security error :)

 All my textures are loaded but are almost empties. According to 
 WebGLInspector all textures have size 1x1 with a transparent pixel.
 It looks like that the HTMLImageElement obtained via image.getElement() is 
 not properly filled now.

 An idea about that ?


The image then is probably a clipped image using a sprited image: the 
image itself is a 1×1px transparent gif (clear.cache.gif, served from the 
same origin as the app) and the image is set as its background, with 
background-position and clip to only show the portion of the sprited image 
that corresponds to the original image. That makes me think we should add a 
isComplete() or isSprited() to ImageResource to optimize the way we 
create Image widgets out of ImageResources (which I happen to have already 
proposed in issue 
7403https://code.google.com/p/google-web-toolkit/issues/detail?id=7403
).

Anyway, that explains why the security error has vanished.
So in the mean time, revert to new Image(myImageResource.getSafeUri()) 
(no need to use asString(), there's an overload taking a SafeUri argument), 
but then I bet you'll have the security error back…



-- 
You received this message because you are subscribed to the Google Groups 
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.