Thank u for the corrections and your response. To further clarify our problem domain. We want a Microsoft .NET based application to run our GWT app and and that server is on xxx.somedomain.com. To load up our GWT app , we wanted to source in the cache.js and subsequent data transfers through RPC from our java based tomcat server , in the same domain but on a different host yyy.somedomain.com. If I understood u correctly, the architecture that will bypass SOP would be
* Create a Relay/Proxy on xxx.somedomain.com.. it is a IIS server and no servlets on that host. * The Relay as a relay should do , forwards the request ( any request ) to yyy.somedomain.com. * In the html src=http:// xxx.somedomain/g-control/gwtc/z/ z.nocache.js. This when loaded by the IIS server , actually relays the request to yyy.somedomain.com. * Any RPC executed on behalf of the downloaded js , will be to xxx.somedomain relayed to yyy.somedomain.com And thus we bypass SOP. Have I understood this correctly.. ( even though it seems I have just repeated your post ) and is it a well known practice top beat SOP ? On Dec 23, 10:15 pm, Thomas Broyer <t.bro...@gmail.com> wrote: > On 23 déc, 15:18, Vishal <vishal.santo...@gmail.com> wrote: > > > I have an html page on a loaded on xxx.somedomain:301/some.html > > > This html has > > <script type="text/javascript" language="javascript" src="http:// > > yyy.somedomain:301/g-control/gwtc/z/z.nocache.js"> > > document.domain = 'somedomain:301'; > > </script> > > Well, first, this "document.domain" thing won't be executed, it has to > be in a separate <script> element (you cannot have both a src="" and > inline script). And it would actually have no effect in your case. > > > and thus has to load up a GWT generated nocache.js. > > I have the > > <add-linker name="xs"/> > > added to the GWT.xml to allow Cross Domain Scripting. > > > I am able to execute the nocache.js , but any RPC fail with > > > com.google.gwt.http.client.RequestPermissionException: > > The URLhttp://yyy.somedomain:301/g-control/actionservice.foundation > > is invalid or violates the same-origin security restrictionCaused by: > > com.google.gwt.http.client.RequestException: > > > What am I doing wrong here ? > > It just cannot work that way.You'd have to make requests to > xxx.somedomain:301 (either hosting your RPC servlets on xxx.somedomain > or setting up a "proxy" on xxx.somedomain to relay requests to > yyy.somedomain); the "xs" linker only allows you to load the GWT app > from another domain, but it doesn't bypass the Same-Origin Policy. > Seehttp://code.google.com/webtoolkit/doc/latest/FAQ_Server.html#What_is_... -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.