Actually, allowing Hosted mode to violate SOP would lead to even more problems come deployment time...
The idea with hosted mode is that it mirrors an actual browser as nearly as possible, so by breaking (not fixing) the SOP behavior, developers are likely to run into issues where something works in Hosted mode, but doesn't in Web mode. Definitely not desired behavior. If you have a situation were you need to connect to a serve that is not well represented by the embedded tomcat server, then simply use - noserver and be done with it. I have a JEE backend, and even I have to use -noserver. In fact, I would be willing to bet anyone that has an application that has progressed beyond trivial (trial) client/server communication is using Hosted mode with the -noserver switch. It is not a matter of the GWT developers trying to screw non-JEE developers, but rather a matter of not being able to provide an embedded server that is all things to all people. -jason On Nov 21, 2008, at 2:23 PM, jpnet wrote: > > This is not a feature! Please fix this. Allow us developers to > violate the SOP via the Hosted-Mode browsers. You are screwing your > developers that don't use J2EE on the backend. > > -JP > > On Nov 19, 7:33 pm, Sumit Chandel <[EMAIL PROTECTED]> wrote: >> Hi Danny, >> >> The issue you ran into is not actually a bug but an improvement in >> 1.5.3 in >> terms of browser security compliance. >> >> Basically, the remote data you are fetching is indeed violating the >> single >> origin policy, which is why you are seeing the error message come >> up in the >> hosted mode console. >> >> The two ways to enable cross-site communication would be to use - >> noserver >> with a proxy that could delegate the calls or using the JSONP >> technique. >> Both are described in a bit more detail on the Groups post linked >> below: >> >> http://groups.google.com/group/Google-Web-Toolkit/browse_thread/ >> threa... >> >> Hope that helps, >> -Sumit Chandel >> >> On Thu, Nov 13, 2008 at 5:05 PM, Danny <[EMAIL PROTECTED]> wrote: >> >>> Just thought I'd post an update... >> >>> I downgraded from 1.5.3 to 1.5.2 and its now working so I guess this >>> is a bug with 1.5.3. >> >>> Regards, >>> Danny >> >>> On Nov 14, 12:40 am, Danny <[EMAIL PROTECTED]> wrote: >>>> Hi All, >> >>>> I finally got round to making my app run in 1.5 and all is looking >>>> good. However I often use hosted mode with remote data, which >>>> helps >>>> massively when debugging issues. I am using RequestBuilder. >> >>>> I'm getting a weird error in 1.5, if I switch back to 1.4 it works >>>> perfectly. I get the following when in hosted mode. >> >>>> The URLhttp://x.x.x.x/yyyy.zzzisinvalid or violates the same-origin >>>> security restriction >> >>>> I've enabled cross-brower communication in Internet Explorer and >>>> added >>>> the site to my Local Intranet, but still not joy. >> >>>> Can anyone shed any light on this? >> >>>> Many thanks, >>>> Danny > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
