Tucker, I've fixed the problem you reported last week, and have tested with Weather app, LzPix, LzProject, and the dataset examples in the Laszlo-in-10 minutes. Have been testing with the app I'm working on as well for 2 days(both DHTML+SWF10), and never had any problem.
The reason for the bug: I had assumed that the LzHTTPLoader.js#requesturl is a URL, but that's not always the case. Therefore the checkIfCORS method caused an error with the regular expression I was using to extract the URL parts. I'm using the lz.URL class now for parsing the content of LzHTTLoader#requesturl instead now. I've added a test with a dataset using a relative path to JSP file to the test case. Raju Change raju-20110510-pcU by [email protected] on 2011-05-10 00:32:14 CEST in /Users/raju/src/svn/openlaszlo/cors2 for http://svn.openlaszlo.org/openlaszlo/trunk Summary: Add CORS support (including credentialled requests) to the LFC data classes. New Features: Add cross-origin resource sharing (CORS) support for LzHTTPLoader.js (DHTML) Support credentialled cross-origin resource sharing requests. Show warning message for failed CORS requests in the DHTML runtime. Bugs Fixed: LPP-9922,LPP-9923,LPP-9917 Technical Reviewer: [email protected],[email protected] QA Reviewer: [email protected] Doc Reviewer: (pending) Documentation: New attribute @credentialled is documented on the dataset tag. Release Notes: Datasets in DHTML runtime support cross-origin resource sharing requests with credentials and cookies now. If a CORS request fails, a warning message will be displayed in the Laszlo Debug window. Overview: Full support for cross-origin resource sharing requests (SOLO, unproxied) in the DHTML runtime. If a CORS request fails without delivering a response status code, a warning message will be shown, e.g. "WARNING: Cross-domain data request to localhost with URL http://localhost:9000/cors/corstest/wrongOrigin failed. Make sure that your server is configured for cross-origin resource sharing." Details: LzDataset.lzs: * property credentialled added to dataset. The value of this property will be used for the XHR.withCredentials property when loading the data. LzHTTPDataProvider.lzs * method makeLoader: set the credentialled value on the LzHTTPLoader object. * method makeLoader: remove unnecessary check if (secure == null) {, when setting the secure value on the LzHTTPLoader object. LzHTTPDataRequest.lzs * property credentialled added. * method set LzHTTPLoader.js * add properties iscors and credentialled. * method LzHTTPLoader.prototype.setCredentialled added. * method LzHTTPLoader.prototype.checkIfCORS added. Used to check if a request is a CORS request based on domain/host and port of the request. * show warning message within the onreadystatechange handler, when a CORS request fails. LzHTTPLoader.as * property credentialled added. * setter method setCredentialled added. Tests: LZX test file added test/data/dhtml-cross-origin-dataset.lzx. The test relies on a test webapp application running on http://localhost:9000/cors. The source code with a Maven pom file for running the webapp in Jetty can be downloaded here: https://github.com/raju-bitter/openlaszlo-cors-test After downloading the files, go into the folder openlaszlo-cors-test and execute mvn jetty:run Maven will download all dependencies, and launch the Jetty server on port 9000. Open the LZX test file test/data/dhtml-cross-origin-dataset.lzx using the DHTML runtime, and execute the following actions: 1) Clear all browser cookies 2) Click on button "CORS POST / Access-Control-Allow-Origin mismatch". You should the following warnings/errors in the debug window: WARNING: Cross-domain data request to localhost with URL http://localhost:9000/cors/corstest/wrongOrigin failed. Make sure that your server is configured for cross-origin resource sharing. ERROR: wrongOriginDS.onerror 3) Click on button "CORS POST / withCredentials=true". This will set the cookie with the name "coorscookie" in the browser. 4) Click on button "CORS POST / withCredentials=true". You should now see the cookie "corscookie" in the list of request cookies next to the buttons, e.g. corscookie = CORS cookie is set at 5/3/11 8:44 5) Click on button "CORS POST / withCredentials=false" The client will not send the "coorscokie" or any other cookie back to the server 6) Click the button "JSP (relative path @src='echo.jsp')" The XML response of the JSP file should be shown in the debugger: <simpleJspDS><echo>

getRequestURL: 
http://localhost:8080/cors/test/data/echo.jsp
getQueryString: null
Body:
var1=value1&amp;var2=value2
</echo></simpleJspDS> Files: A test/data/dhtml-cross-origin-dataset.lzx M WEB-INF/lps/lfc/kernel/dhtml/LzHTTPLoader.js M WEB-INF/lps/lfc/kernel/swf9/LzHTTPLoader.as M WEB-INF/lps/lfc/data/LzHTTPDataRequest.lzs M WEB-INF/lps/lfc/data/LzHTTPDataProvider.lzs M WEB-INF/lps/lfc/data/LzDataset.lzs Changeset: http://svn.openlaszlo.org/openlaszlo/patches/raju-20110510-pcU.tar
