Hi darkflame,

As you see, all browsers don't support cross-domain scripting.
The good practice is to avoid cross-domain scripting.

Why? Because for the moment, it's a W3C draft and not yet implemented
by all browser implementors.

http://www.w3.org/TR/access-control/

So, your application might not work on any browser, because you don't
know if your application's users use a compatible browser.

But there is an issue:

If you need data from another domain, request the data from the server
side, then transmit the data back to the client.


CLIENT  ------------------>  server your app  ------------------>  other domain
        <------------------                   <------------------

There are a lot of libraries (Apache HTTP client, Google, REST, etc.)
you can use to do that.

In my opinion, cross domain scripting is a real security problem.

I hope it helps.
Regards.

Karim Duran

2012/1/11 darkflame <darkfl...@gmail.com>:
> I don't know about IE, but try Opera12 as cross-domain support via CORS
> was only added on that version.
>
> On Jan 10, 8:23 pm, ussuri <michael.glas...@gmail.com> wrote:
>> Hello!
>>
>> I serve my gwt-based app from Google AppEngine from
>> <myapp>.appspot.com - both the script (GWT) and data (XMLHTTPRequest
>> POSTs). If I open https://<myapp>.appspot.com/app.html, everything
>> works perfectly in all modern browsers.
>>
>> However, I want to serve the .html page from my custom domain in order
>> to use SSL: https://mydomain.com/app.html
>>
>> I modified app.html to include script from appspot; I use a <div> and
>> do RootPanel.get("my_div"). I hard-coded appspot URLs for POSTs.
>>
>> This solution works perfectly in Chrome and Firefox with <add-linker
>> name="xsiframe"/> (or "xs") - I open an HTTPS URL from my custom
>> domain, it loads GWT via https from appspot.com, and does AJAX
>> communication (not GWT-RPC, but pure ajax) with my appspot.com app via
>> ssl/https.
>>
>> BUT, in IE and Opera the page opens, GWT renders the content in the
>> page, but AJAX requests fail with XS-origin errors:
>>
>> com.google.gwt.http.client.RequestPermissionException: The URL
>> https://***.appspot.com/*** is invalid or violates the same-origin
>> security restriction
>>
>> I do set "Access-Control-XXX" headers in my servlet (java), and I
>> tried to set "X-XSS-Protection" to "0" in my custom domain, but still
>> IE and Opera do not let me query to appspot.
>>
>> What can I do to at least let IE allow posting to appspot.com?
>>
>> Thanks,
>> MG
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Google Web Toolkit" group.
> To post to this group, send email to google-web-toolkit@googlegroups.com.
> To unsubscribe from this group, send email to 
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
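
The server-side relay described in the reply above, written with JDK-only classes (Java 11+) as an added example; it is not code from this thread or from GWT. The class name, the `/relay/` path, the route name `data` and the loopback stub standing in for the other domain are all assumptions.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import java.util.Map;

public class SameOriginRelay {
    static final HttpClient CLIENT = HttpClient.newHttpClient();
    // The browser POSTs to /relay/<name> on its own origin. Upstream URLs are fixed
    // here on the server, so a client cannot point the relay at an arbitrary host.
    static HttpServer relay(Map<String, URI> upstreams) throws IOException {
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        s.createContext("/relay/", ex -> {
            URI target = upstreams.get(ex.getRequestURI().getPath().substring("/relay/".length()));
            if (target == null || !"POST".equals(ex.getRequestMethod())) {
                reply(ex, 404, new byte[0]); // unknown route name or wrong method
                return;
            }
            try {
                // Only the body is forwarded; the browser's cookies and headers are not.
                HttpRequest req = HttpRequest.newBuilder(target).POST(
                    HttpRequest.BodyPublishers.ofByteArray(ex.getRequestBody().readAllBytes())).build();
                HttpResponse<byte[]> up = CLIENT.send(req, HttpResponse.BodyHandlers.ofByteArray());
                reply(ex, up.statusCode(), up.body());
            } catch (Exception e) {
                reply(ex, 502, new byte[0]); // upstream unreachable or failed
            }
        });
        s.start();
        return s;
    }
    static void reply(HttpExchange ex, int status, byte[] body) throws IOException {
        ex.sendResponseHeaders(status, body.length == 0 ? -1 : body.length);
        if (body.length > 0) ex.getResponseBody().write(body);
        ex.close();
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the "other domain", bound to loopback.
        HttpServer other = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        other.createContext("/api", ex -> reply(ex, 200, "{\"ok\":true}".getBytes()));
        other.start();
        String base = "http://127.0.0.1:";
        HttpServer app = relay(Map.of("data", URI.create(base + other.getAddress().getPort() + "/api")));
        HttpRequest r = HttpRequest.newBuilder(URI.create(base + app.getAddress().getPort() + "/relay/data"))
            .POST(HttpRequest.BodyPublishers.ofString("{}")).build();
        System.out.println(CLIENT.send(r, HttpResponse.BodyHandlers.ofString()).body());
        app.stop(0); other.stop(0);
    }
}
```

Because the page and the relay share one origin, the browser's same-origin check is never triggered; the relay itself still needs the application's normal authentication in front of it.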
