You can read through this doc for details: https://developer.mozilla.org/En/HTTP_access_control
Essentially, if an XHR response includes the following header, the cross site request is allowed:

Access-Control-Allow-Origin: *

If the XHR response includes the following header instead, the request is denied:

Access-Control-Allow-Origin: http://mysite.com

http://gwt-code-reviews.appspot.com/73802/diff/1/2
File user/test/com/google/gwt/http/client/RequestBuilderTest.java (right):

http://gwt-code-reviews.appspot.com/73802/diff/1/2#newcode64
Line 64: return false;
It's a feature, not a bug. Firefox has adopted a new proposed standard where it's up to the server to determine which origins can access the content. At some point, we should set up a publicly visible server that always denies cross site requests. It would be helpful to us and others.

http://gwt-code-reviews.appspot.com/73802
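
The comparison a browser applies to `Access-Control-Allow-Origin`, as an added example that is not part of the original message or of the GWT code base. The function name `corsAllows` and the sample origins are assumptions; it goes beyond the two header values quoted above to cover a missing header, credentialed requests and malformed values.

```javascript
// Added example: simplified model of the CORS check in the Fetch standard.
// corsAllows() and every origin below are illustrative assumptions.

/**
 * @param {string}  requestOrigin    serialized origin of the calling page
 * @param {Object}  headers          response headers, names lower-cased
 * @param {boolean} withCredentials  true when xhr.withCredentials is set
 * @returns {boolean} whether script on the page may read the response
 */
function corsAllows(requestOrigin, headers, withCredentials = false) {
  const allowOrigin = headers['access-control-allow-origin'];

  // No header: the same-origin policy applies and the read is blocked.
  // A server that "always denies" simply never sends the header.
  if (allowOrigin === undefined) return false;

  // The wildcard only covers requests sent without credentials.
  if (allowOrigin === '*') return !withCredentials;

  // Otherwise the value must equal the caller's origin exactly:
  // no lists, no prefix matching; scheme, host and port all count.
  if (allowOrigin !== requestOrigin) return false;

  if (!withCredentials) return true;
  // Credentialed requests also need an explicit opt-in from the server.
  return headers['access-control-allow-credentials'] === 'true';
}

// Constructed sample cases: [page origin, response headers, withCredentials]
const cases = [
  ['http://localhost:8888', { 'access-control-allow-origin': '*' }, false],
  ['http://localhost:8888', { 'access-control-allow-origin': 'http://mysite.com' }, false],
  ['http://mysite.com', { 'access-control-allow-origin': 'http://mysite.com' }, false],
  ['http://localhost:8888', {}, false],
  ['http://mysite.com', { 'access-control-allow-origin': '*' }, true],
];
for (const [origin, headers, creds] of cases) {
  const verdict = corsAllows(origin, headers, creds) ? 'allowed' : 'denied';
  console.log(`${origin} creds=${creds} ${JSON.stringify(headers)} -> ${verdict}`);
}
```
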