Re: same-origin security restriction
Our application uses GWT to create complex UIs but the data is served up by a Coldfusion web server running externally on a different domain. The code works fine when compiled and deployed in the same domain as the Coldfusion server but gives this error when running in hosted mode when trying to make a Cross Domain AJAX request. After much research,changing the Security Level to Medium-Low in the Local Intranet zone in IE fixed it for me. Just leaving this here in case someone walks this path :) http://i.imgur.com/bN3Klgq.png After much research,changing the Security Level to Medium-Low in the Local Intranet zone in IE fixed it for me. On Friday, April 3, 2009 11:35:51 AM UTC-4, Jason Essington wrote: Your case is simple, just use the -noserver option to launch hosted mode, and load your host page directly from your [test] php server. The embedded tomcat server is really only useful for testing the simplest of java back-end bits, and is not particularly useful for any other back-end technology or even more complicated Java configurations. -jason On Apr 3, 2009, at 7:47 AM, DavidPShaw wrote: has there been any update on this problem? I have a PHP backend exposed via JSON, and want to develop using hosted mode. Is this simply impossible without tricky proxy stuff in apache? My backend cannot run in hosted mode, so I basically have no way to do step- through debugging. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/groups/opt_out.
RequestPermissionException: URL is invalid or violates the same-origin security restriction
Hi, Can anyone help I am getting this error. And I have gone through all the older posts but not able to resolve. I am trying to send request to Tomcat server to get SOS data from a WAR file 52nSOSv3_WAR Error: com.google.gwt.http.client.RequestPermissionException: The URL http://localhost:8080/52nSOSv3_WAR/sos is invalid or violates the same-origin security restriction at com.google.gwt.http.client.RequestBuilder.doSend(RequestBuilder.java:380) at com.google.gwt.http.client.RequestBuilder.sendRequest(RequestBuilder.java:256) at edu.xml.gwt.ibm.tutorialDemo1.client.TutorialDemo1.doPost(TutorialDemo1.java:73) at edu.xml.gwt.ibm.tutorialDemo1.client.TutorialDemo1.onModuleLoad(TutorialDemo1.java:51) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.google.gwt.dev.shell.ModuleSpace.onLoad(ModuleSpace.java:396) at com.google.gwt.dev.shell.OophmSessionHandler.loadModule(OophmSessionHandler.java:193) at com.google.gwt.dev.shell.BrowserChannelServer.processConnection(BrowserChannelServer.java:510) at com.google.gwt.dev.shell.BrowserChannelServer.run(BrowserChannelServer.java:352) at java.lang.Thread.run(Unknown Source) Caused by: com.google.gwt.http.client.RequestException: (TypeError): Access is denied. - My code is url = http://localhost:8080/52nSOSv3_WAR/sos;; requestquery = REQUEST=GetCapabilities; StringBuffer posturl = new StringBuffer(); posturl.append(URL.encode(url)); StringBuffer postquery = new StringBuffer(); postquery.append(URL.encode(requestquery)); RequestBuilder builder = new RequestBuilder(RequestBuilder.POST, posturl.toString()); builder.setHeader(Content-Type,text/xml); builder.sendRequest(postquery.toString(), new RequestCallback() { public void onError(Request request, Throwable exception) { // code omitted for clarity System.out.println(exception.getCause().toString()); } @Override public void onResponseReceived(Request request,Response response) { // TODO Auto-generated method stub String var = ; var = response.getText(); System.out.println(This is response); System.out.println(var); } }); } -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Aw: RequestPermissionException: URL is invalid or violates the same-origin security restriction
Where is your app (client side javascript) hosted? If the client code is not hosted on localhost:8080 then you have the Same Origin Policy problem. RequestBuilder or better JavaScript can only do requests to URLs that belong to the same domain and port under which the JavaScript/HTML Page is accessible. This is implemented in all browsers for security reasons. Your options are: - Deploy everything (including client side code) to your external server and start the app there. That way everything will be served from localhost:8080. - use GWT's JSONPRequestBuilder which does a nifty trick to make cross domain/port requests work (you also have to update the remote servlets!) - install a webserver that supports reverse proxy (Apache, nginx, etc.) and redirect/proxy the remote requests. For example if you request http://localhost/remote/request you can proxy the request to a different host like http://localhost:8080/apprequest_uri. Thats what I do because it matches my production setup. -- J. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/01YeGjAItRsJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: RequestPermissionException: URL is invalid or violates the same-origin security restriction
Thanks Jen, Can you give me a example for the third option for proxy. I am new with Java and GWT both. It will be very helpful if I have a example. I am using Apache Tomcat webserver. Proxy will be more useful since I will need to interact with few more servers in future. Regards, Vrushali On Tue, Sep 6, 2011 at 9:47 PM, Jens jens.nehlme...@gmail.com wrote: Where is your app (client side javascript) hosted? If the client code is not hosted on localhost:8080 then you have the Same Origin Policy problem. RequestBuilder or better JavaScript can only do requests to URLs that belong to the same domain and port under which the JavaScript/HTML Page is accessible. This is implemented in all browsers for security reasons. Your options are: - Deploy everything (including client side code) to your external server and start the app there. That way everything will be served from localhost:8080. - use GWT's JSONPRequestBuilder which does a nifty trick to make cross domain/port requests work (you also have to update the remote servlets!) - install a webserver that supports reverse proxy (Apache, nginx, etc.) and redirect/proxy the remote requests. For example if you request http://localhost/remote/request you can proxy the request to a different host like http://localhost:8080/apprequest_uri. Thats what I do because it matches my production setup. -- J. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/01YeGjAItRsJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Re: same-origin security restriction
On 28 juin, 11:58, sai surya kiran master...@gmail.com wrote: Hi, What port of service do you suggest to use ? I am a complete newbie and please suggest on how to make a proxy. currently authentication server runs on 6828. and GWT runs on , so please suggest the change here. You can either: - use your webapp within the hosted mode (-Dcatalina.base=... if you're using GWTShell, -war ... if you're using HostedMode) instead of a separate Tomat instance - use the -noserver mode of hosted mode (GWTShell or HostedMode); search the docs and the group for how to use it (I'm a bit tired of repeating it over and over again) - use a proxy servlet in the hosted mode to relay requests to your separate tomcat instance; search the issue tracker for contribution proxying servlet to find one (code + how to use it) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
the problem is with the port that serves the authentication code... SOP takes to account server and port you'll have to write a proxy or change the port of the service... On Jun 27, 3:48 am, Surya master...@gmail.com wrote: I have tomcat server running on port 6828. I have GWT hosted mode running on jetty . When i try to access tomcat on 6828 for spring authentication using the code ::: RequestBuilder builder = new RequestBuilder(RequestBuilder.POST, url); builder.setHeader(Content-Type, application/x-www-form- urlencoded); builder.setHeader(Expires,0); try { builder.sendRequest(postData, this); } catch (RequestException e) { console.addMessage(Exception during authentication + e.getMessage ()); } I get the following exception on the builder.sendRequest (postData,this) line. com.google.gwt.http.client.RequestPermissionException: The URLhttp://localhost:6828/xx/j_spring_security_checkis invalid or violates the same-origin security restriction Detailed Message : Access is denied. I am really running short of time. Some one please help me out. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Hi, What port of service do you suggest to use ? I am a complete newbie and please suggest on how to make a proxy. currently authentication server runs on 6828. and GWT runs on , so please suggest the change here. On Sun, Jun 28, 2009 at 12:29 PM, Marcelo Emanoel B. Diniz marceloeman...@gmail.com wrote: the problem is with the port that serves the authentication code... SOP takes to account server and port you'll have to write a proxy or change the port of the service... On Jun 27, 3:48 am, Surya master...@gmail.com wrote: I have tomcat server running on port 6828. I have GWT hosted mode running on jetty . When i try to access tomcat on 6828 for spring authentication using the code ::: RequestBuilder builder = new RequestBuilder(RequestBuilder.POST, url); builder.setHeader(Content-Type, application/x-www-form- urlencoded); builder.setHeader(Expires,0); try { builder.sendRequest(postData, this); } catch (RequestException e) { console.addMessage(Exception during authentication + e.getMessage ()); } I get the following exception on the builder.sendRequest (postData,this) line. com.google.gwt.http.client.RequestPermissionException: The URLhttp://localhost:6828/xx/j_spring_security_checkis invalid or violates the same-origin security restriction Detailed Message : Access is denied. I am really running short of time. Some one please help me out. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
same-origin security restriction
I have tomcat server running on port 6828. I have GWT hosted mode running on jetty . When i try to access tomcat on 6828 for spring authentication using the code ::: RequestBuilder builder = new RequestBuilder(RequestBuilder.POST, url); builder.setHeader(Content-Type, application/x-www-form- urlencoded); builder.setHeader(Expires,0); try { builder.sendRequest(postData, this); } catch (RequestException e) { console.addMessage(Exception during authentication + e.getMessage ()); } I get the following exception on the builder.sendRequest (postData,this) line. com.google.gwt.http.client.RequestPermissionException: The URL http://localhost:6828/xx/j_spring_security_check is invalid or violates the same-origin security restriction Detailed Message : Access is denied. I am really running short of time. Some one please help me out. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
has there been any update on this problem? I have a PHP backend exposed via JSON, and want to develop using hosted mode. Is this simply impossible without tricky proxy stuff in apache? My backend cannot run in hosted mode, so I basically have no way to do step- through debugging. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
On 3 avr, 15:47, DavidPShaw wowkr...@gmail.com wrote: has there been any update on this problem? I have a PHP backend exposed via JSON, and want to develop using hosted mode. Is this simply impossible without tricky proxy stuff in apache? My backend cannot run in hosted mode, so I basically have no way to do step- through debugging. You have two solutions: - use the -noserver mode (requires that your deploy your app *once*, and then you're required to deploy needed resources: images -- including imagebundles--, stylesheets, etc.) - use a proxy-servlet in the hosted mode embedded Tomcat to route all requests to your other server (no need for this tricky proxy stuff in apache), see http://code.google.com/p/google-web-toolkit/issues/detail?id=3131#c11 and following comments. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Your case is simple, just use the -noserver option to launch hosted mode, and load your host page directly from your [test] php server. The embedded tomcat server is really only useful for testing the simplest of java back-end bits, and is not particularly useful for any other back-end technology or even more complicated Java configurations. -jason On Apr 3, 2009, at 7:47 AM, DavidPShaw wrote: has there been any update on this problem? I have a PHP backend exposed via JSON, and want to develop using hosted mode. Is this simply impossible without tricky proxy stuff in apache? My backend cannot run in hosted mode, so I basically have no way to do step- through debugging. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
I think I found the solution! !Please somebody check this! Steps: 1. run InternetExplorer Tools = Internet Options = Security = Trusted Sites add http://localhost or so to trusted sites (uncheck add only https or so) works only with Windows XP. best regards, Vladimir Chernishov --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
same-origin security restriction on MAC
Hello Is it somehow possible to disable the same-origin security restriction in the GWT shell on mac? Some description to bypass this problem are already posted, but non of them is really satisfying. They are either for Linux or they use some proxy that I cannot use. The server side of my webpage is running on a test server which is running on a different port then the GWT shell. And by the way, which browser is the GWT on mac using? If I print the browser name and Version in JavaScript, it shows Netscape 5. A little bit weird, right? So, which browser is GWT shell really using? And where are the property files located? David --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Hello sjn456, You're completely right. That's precisely why the previous behaviour was corrected. It's browser security policies that restrict making calls to other domains or ports. If we allowed these in hosted mode, we would be setting developers up for a break once they go to production. What's more, I believe the new corrected behaviour is the result of an update to the latest XHR spec on supported browsers, meaning that allowing calls to go through to other ports would mean drawing back to older XHRs. Cheers, -Sumit Chandel On Wed, Jan 7, 2009 at 8:20 AM, sjn...@gmail.com nichols_sc...@yahoo.comwrote: The light bulb finally lit for me. There's browser security rules in place that only allow Ajax to communicate with the same server as the main page. If GWT hosted mode allowed it then in the future when you deployed to production your app wouldn't work. I'm going to change my implementation to have the external data sources route through the server, but may need to add load balancing because of the extra load now on the server. Nothings ever to easy. On Jan 6, 1:10 pm, Scooter willi...@gmail.com wrote: Please allow this to either be a configurable option or a prompt when accessing external URL. I test against a variety of complex data sources for our web server where duplicating on my development machine is almost impossible. It is also an issue when we get a bug report in production that I can point to the appropriate web server and debug the problem. I can't upgrade to the latest 1.5 and really want to avoid the proxy overhead. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
You assume that I need someone to put constraints on a development tool that will protect me. I do not need the protection and promise not to complain if I somehow release code that doesn't work in the web browser versus what I need to test in debug mode. It is also reasonable to make the default option to not allow the behavior but give the developer the ability to configure this as an option for testing purposes. . We are talking about a development tool that is hard wired to debugging Java code that will get converted to Javascript where the innovation step is to allow the developer to be more productive prior to deploying to javascript and running in a web browser. Sun provides the applet viewer for exactly this reason to allow the developer to write and debug applet code before adding the complexity and overhead of security models that are designed to protect the end user not the developer. Please understand the difference between hosted mode as a debug/ productivity tool used by developers and a web browser used by end users. I know you do I am just trying to make the point that all developers understand the difference. You actually create a situation where I will end up deploying applications that have more bugs because of the complexity of our production environment and size of data sets that makes it difficult to reproduce on a development machine. This means code does not get tested as well prior to moving into production which results in a higher number of defects and longer development cycles. It sounds like you have already decided that even though you have numerous requests in this thread to relax the restriction it is not going to happen. Should this discussion be moved over to the developer group or has it already been discussed? Is the tighter security restriction part of a google developed application tool or something used from an external open source tool? Just curious what triggered the change in a minor release of 1.5.2 to 1.5.3 and how hard it would be to relax the restriction as a config option. Thanks Scooter On Jan 9, 6:17 pm, Sumit Chandel sumitchan...@google.com wrote: Hello sjn456, You're completely right. That's precisely why the previous behaviour was corrected. It's browser security policies that restrict making calls to other domains or ports. If we allowed these in hosted mode, we would be setting developers up for a break once they go to production. What's more, I believe the new corrected behaviour is the result of an update to the latest XHR spec on supported browsers, meaning that allowing calls to go through to other ports would mean drawing back to older XHRs. Cheers, -Sumit Chandel On Wed, Jan 7, 2009 at 8:20 AM, sjn...@gmail.com nichols_sc...@yahoo.comwrote: The light bulb finally lit for me. There's browser security rules in place that only allow Ajax to communicate with the same server as the main page. If GWT hosted mode allowed it then in the future when you deployed to production your app wouldn't work. I'm going to change my implementation to have the external data sources route through the server, but may need to add load balancing because of the extra load now on the server. Nothings ever to easy. On Jan 6, 1:10 pm, Scooter willi...@gmail.com wrote: Please allow this to either be a configurable option or a prompt when accessing external URL. I test against a variety of complex data sources for our web server where duplicating on my development machine is almost impossible. It is also an issue when we get a bug report in production that I can point to the appropriate web server and debug the problem. I can't upgrade to the latest 1.5 and really want to avoid the proxy overhead. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
The light bulb finally lit for me. There's browser security rules in place that only allow Ajax to communicate with the same server as the main page. If GWT hosted mode allowed it then in the future when you deployed to production your app wouldn't work. I'm going to change my implementation to have the external data sources route through the server, but may need to add load balancing because of the extra load now on the server. Nothings ever to easy. On Jan 6, 1:10 pm, Scooter willi...@gmail.com wrote: Please allow this to either be a configurable option or a prompt when accessing external URL. I test against a variety of complex data sources for our web server where duplicating on my development machine is almost impossible. It is also an issue when we get a bug report in production that I can point to the appropriate web server and debug the problem. I can't upgrade to the latest 1.5 and really want to avoid the proxy overhead. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
This is not an improvement and wasting many developers time. Scott On Nov 19 2008, 7:33 pm, Sumit Chandel sumitchan...@google.com wrote: Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use -noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/threa... Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny da...@xrio.co.uk wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny da...@xrio.co.uk wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
I don't get the error and why special configuration is needed. This is truly wasting many developers time. I'm able to access the local URL anywhere except in GWT hosted mode. It works fine from other browsers and scripts. On Nov 19 2008, 7:33 pm, Sumit Chandel sumitchan...@google.com wrote: Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use -noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/threa... Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny da...@xrio.co.uk wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny da...@xrio.co.uk wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Please allow this to either be a configurable option or a prompt when accessing external URL. I test against a variety of complex data sources for our web server where duplicating on my development machine is almost impossible. It is also an issue when we get a bug report in production that I can point to the appropriate web server and debug the problem. I can't upgrade to the latest 1.5 and really want to avoid the proxy overhead. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
...@xrio.co.uk wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalidorviolatesthe same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
...@xrio.co.uk wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalidorviolatesthe same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Created issue 3131: (and 13's my lucky number... so close sorta..) http://code.google.com/p/google-web-toolkit/issues/detail?id=3131 Please star it :-) On Nov 24, 11:13 am, Brian [EMAIL PROTECTED] wrote: How did I miss this thread? Is there an issue open already for this, as per the Nov 21st post? I'll star it. I'm still using 1.5.2 for dev, as it's the fastest way to iterate on a non-jsonp app. Basically you guys spoiled me with this bug/feature in prior releases and using 1.5.3 and its slowdown to iterations just sucks. No offense :) Anyway, no, it doesn't cause more problems when deploying. You find out right away when you're running in webmode if you're violating SOP as the browser complains or ignores the request (depends on the browser). Violating SOP in hosted mode was a fantastic feature. Having a console warning in hosted mode that a request is violating sop should be enough. On Nov 24, 11:02 am, Jason Essington [EMAIL PROTECTED] wrote: Actually, allowing Hosted mode to violate SOP would lead to even more problems come deployment time... The idea with hosted mode is that it mirrors an actual browser as nearly as possible, so by breaking (not fixing) the SOP behavior, developers are likely to run into issues where something works in Hosted mode, but doesn't in Web mode. Definitely not desired behavior. If you have a situation were you need to connect to a serve that is not well represented by the embedded tomcat server, then simply use - noserver and be done with it. I have a JEE backend, and even I have to use -noserver. In fact, I would be willing to bet anyone that has an application that has progressed beyond trivial (trial) client/server communication is using Hosted mode with the -noserver switch. It is not a matter of the GWT developers trying to screw non-JEE developers, but rather a matter of not being able to provide an embedded server that is all things to all people. -jason On Nov 21, 2008, at 2:23 PM, jpnet wrote: This is not a feature! Please fix this. Allow us developers to violate the SOP via the Hosted-Mode browsers. You are screwing your developers that don't use J2EE on the backend. -JP On Nov 19, 7:33 pm, Sumit Chandel [EMAIL PROTECTED] wrote: Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use - noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/ threa... Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny [EMAIL PROTECTED] wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny [EMAIL PROTECTED] wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalidorviolates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
GWT on Mac: Invalid or violates the same-origin security restriction
Hello: I'm running into a serious problem with GWT on Mac. Here is what I'm using: GWT -1.5.3 Java 1.5.0_16 And I'm connecting to an external server NOT on the same domain. Its actually a server hosted by another company and everytime I try to connect to it and run queries I'm getting the following: com.google.gwt.http.client.RequestPermissionException: The URL https://www.externaldomain.com/online/test.php is invalid or violates the same-origin security restriction Now I know that exception will crop up when I'm running queries against my OWN server but not against an external server on a different domain. Does anyone have any idea why this is happening? thanks! Chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Actually, allowing Hosted mode to violate SOP would lead to even more problems come deployment time... The idea with hosted mode is that it mirrors an actual browser as nearly as possible, so by breaking (not fixing) the SOP behavior, developers are likely to run into issues where something works in Hosted mode, but doesn't in Web mode. Definitely not desired behavior. If you have a situation were you need to connect to a serve that is not well represented by the embedded tomcat server, then simply use - noserver and be done with it. I have a JEE backend, and even I have to use -noserver. In fact, I would be willing to bet anyone that has an application that has progressed beyond trivial (trial) client/server communication is using Hosted mode with the -noserver switch. It is not a matter of the GWT developers trying to screw non-JEE developers, but rather a matter of not being able to provide an embedded server that is all things to all people. -jason On Nov 21, 2008, at 2:23 PM, jpnet wrote: This is not a feature! Please fix this. Allow us developers to violate the SOP via the Hosted-Mode browsers. You are screwing your developers that don't use J2EE on the backend. -JP On Nov 19, 7:33 pm, Sumit Chandel [EMAIL PROTECTED] wrote: Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use - noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/ threa... Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny [EMAIL PROTECTED] wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny [EMAIL PROTECTED] wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
How did I miss this thread? Is there an issue open already for this, as per the Nov 21st post? I'll star it. I'm still using 1.5.2 for dev, as it's the fastest way to iterate on a non-jsonp app. Basically you guys spoiled me with this bug/feature in prior releases and using 1.5.3 and its slowdown to iterations just sucks. No offense :) Anyway, no, it doesn't cause more problems when deploying. You find out right away when you're running in webmode if you're violating SOP as the browser complains or ignores the request (depends on the browser). Violating SOP in hosted mode was a fantastic feature. Having a console warning in hosted mode that a request is violating sop should be enough. On Nov 24, 11:02 am, Jason Essington [EMAIL PROTECTED] wrote: Actually, allowing Hosted mode to violate SOP would lead to even more problems come deployment time... The idea with hosted mode is that it mirrors an actual browser as nearly as possible, so by breaking (not fixing) the SOP behavior, developers are likely to run into issues where something works in Hosted mode, but doesn't in Web mode. Definitely not desired behavior. If you have a situation were you need to connect to a serve that is not well represented by the embedded tomcat server, then simply use - noserver and be done with it. I have a JEE backend, and even I have to use -noserver. In fact, I would be willing to bet anyone that has an application that has progressed beyond trivial (trial) client/server communication is using Hosted mode with the -noserver switch. It is not a matter of the GWT developers trying to screw non-JEE developers, but rather a matter of not being able to provide an embedded server that is all things to all people. -jason On Nov 21, 2008, at 2:23 PM, jpnet wrote: This is not a feature! Please fix this. Allow us developers to violate the SOP via the Hosted-Mode browsers. You are screwing your developers that don't use J2EE on the backend. -JP On Nov 19, 7:33 pm, Sumit Chandel [EMAIL PROTECTED] wrote: Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use - noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/ threa... Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny [EMAIL PROTECTED] wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny [EMAIL PROTECTED] wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalidor violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Hi JP, The SOP violation has to do with browser restrictions rather than server-side technology such as J2EE. The browser itself enforces single origin policy, which is what prevents cross-site calls to external domains or different ports. The fact that hosted mode permitted calls to different ports prior to 1.5.3 is actually a bug because it allowed non-standard behaviour. However, it seems like a few community members feel strongly about this change in hosted mode in 1.5.3. The argument is that allowing calls to different ports actually helped speed up the development cycle by allowing shortcuts to setup proxies or makeshift test servers. I believe the right way to deal with the problem is to use hosted mode with the -noserver argument, as it will allow for custom setups using proxies. However, for those who feel strongly about the change, I would suggest creating an issue report on the Issue Tracker for this feature and starring it for all those interested in seeing it in core. That way it will be on the team's radar if enough people believe it should be an included feature. Issue Tracker: http://code.google.com/p/google-web-toolkit/issues/list Hope that helps, -Sumit Chandel On Fri, Nov 21, 2008 at 1:23 PM, jpnet [EMAIL PROTECTED] wrote: This is not a feature! Please fix this. Allow us developers to violate the SOP via the Hosted-Mode browsers. You are screwing your developers that don't use J2EE on the backend. -JP On Nov 19, 7:33 pm, Sumit Chandel [EMAIL PROTECTED] wrote: Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use -noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/threa... Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny [EMAIL PROTECTED] wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny [EMAIL PROTECTED] wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzisinvalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Hi Danny, The issue you ran into is not actually a bug but an improvement in 1.5.3 in terms of browser security compliance. Basically, the remote data you are fetching is indeed violating the single origin policy, which is why you are seeing the error message come up in the hosted mode console. The two ways to enable cross-site communication would be to use -noserver with a proxy that could delegate the calls or using the JSONP technique. Both are described in a bit more detail on the Groups post linked below: http://groups.google.com/group/Google-Web-Toolkit/browse_thread/thread/48413bdb6e5b292#msg_71f28d8b382e7f04 Hope that helps, -Sumit Chandel On Thu, Nov 13, 2008 at 5:05 PM, Danny [EMAIL PROTECTED] wrote: Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny [EMAIL PROTECTED] wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzis invalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
same-origin security restriction
Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URL http://x.x.x.x/.zzz is invalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: same-origin security restriction
Just thought I'd post an update... I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this is a bug with 1.5.3. Regards, Danny On Nov 14, 12:40 am, Danny [EMAIL PROTECTED] wrote: Hi All, I finally got round to making my app run in 1.5 and all is looking good. However I often use hosted mode with remote data, which helps massively when debugging issues. I am using RequestBuilder. I'm getting a weird error in 1.5, if I switch back to 1.4 it works perfectly. I get the following when in hosted mode. The URLhttp://x.x.x.x/.zzzis invalid or violates the same-origin security restriction I've enabled cross-brower communication in Internet Explorer and added the site to my Local Intranet, but still not joy. Can anyone shed any light on this? Many thanks, Danny --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: GWT-Gadget same-origin security restriction
Hello Jose, The solution to send data with the request builder is to use a POST: RequestBuilder rb = new RequestBuilder(RequestBuilder.POST, url); The difference of POST and GET ist: GET: only the address line is sent to the server. If you want to send data with a GET you must put it as a parameter into the URL: http://www.xyz.dedata=thisisthedatata POST: you can provide an URL and send additional data: requestBuilder.sendRequest(data, new RequestCallback() { ... } OK, I have got a question, too: What is this line doing? url = intrinsics.getCachedUrl(url, 1); What does it do with the URL and why can it avoid the same origin problem? I'm not using gadgets but I'm looking for a possibility how to call a web service from GWT that is not on the same server as my GWT site. (E.g. calling the amazon web service from my site (client) which is built with GWT). One solution of course is that I make a call to my server and the servlet then calls the webservice and answers to the GWT client with the response data from the web service. But I explicitly wnat to avoid to make a call to my server. If you have any idea please let me know. Regards Andreas --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
Re: GWT-Gadget same-origin security restriction
Thank you Eric. However, I am not using RPC, I am using RequestBuilder to invoke Web services. Is it possible to use RequestBuilder in a similar way? Thank you in advance. Jose Antonio --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---
GWT-Gadget same-origin security restriction
Hi, I have developed a simple Google Gadget using gwt-gadgets. The gadget XML file is hosted at mydomain.com. The gadget uses RequestBuilder.sendRequest() to invoke the server at mydomain.com. I get the following exception: The URL http://mydomain.com/test/servlet is invalid or violates the same-origin security restriction. How can I invoke a server from the Gadget? Thank you in advance. Jose Antonio --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~--~~~~--~~--~--~---