So, Server1 only has the Host-HTML file and Server2 can have everything else? Even resources that are loaded by the GWT app like images, fonts, data-input-files? Or can Server2 only hold the .js files that are loaded by the Host-HTML and nothing else without violating SOP?
On Sunday, June 17, 2012 3:28:58 AM UTC+2, Thomas Broyer wrote: > > > > On Saturday, June 16, 2012 10:24:01 PM UTC+2, Carsten wrote: >> >> So let me reiterate if I got it. Before xsiframe one had to place the >> Host Html and the GWT app and all resources used by the GWT app on the same >> server/domain (a.k.a. origin). >> >> With xsiframe you can place the GWT app and all its resources (including >> the file I tried to GET above) on a server but place the Host HTML on a >> different server, correct? >> > > Yes. > > So what is possible with this setup? >> >> Server1: just the Host HTML >> Server2: the GWT app + all resources >> >> a) can I somehow allow Server1 to somehow hand some initializing data to >> the GWT app? Let's say the GWT app is some sort of viewer/canvas/renderer >> and I can allow people to include it in their website and give some JSON to >> the GWT app when it is started? >> > > Initialize some global JS variable and read it from the script (GWT app) > at startup. > Alternately, put attributes on some element (with a specific id="" or > class=""), that the script will read. This is how Google +1 button, Twitter > button and Facebook Like button work, for instance. > > >> b) let's say Server1 with the Host HTML is on Appengine. Can the GWT app >> from Server2 when run from the Host HTML from Server1 POST a JSON string to >> a URL of the Server1 (which will ultimately be handled by appengine)? > > > Yes. The script files come from Server2, but they run in the HTML host > page from Server1, so they technically "are from Server1" as far as SOP is > concerned. > To talk to Server2, you can take advantage of CORS in browsers that > support it (all but IE –IE10 will support CORS, IE8 and IE9 support it > through a special XDomainRequest, that GWT doesn't use– and Opera up to the > latest –Opera 12 finally support CORS–), use JSON-P (JsonpRequestBuilder in > GWT), post data through forms (FormPanel in GWT, but the response needs to > redirect to some page at Server1 to communicate results), or go through a > "proxy" at Server1 (i.e. call Server1, which will call Server2 and send the > response back). > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/L-cDpBdmlLcJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
