Re: client side same-origin IE issue
Two thumbs up for deferred binding. I overwrote the HTTPRequestImplIE6 deferred binding with my own ActiveX version. Works great. I hope this thread is useful to someone at some point. ... public class HTTPRequestImplIEActiveX extends HTTPRequestImpl { @Override protected native JavaScriptObject doCreateXmlHTTPRequest() /*-{ try { return new ActiveXObject('MSXML2.XMLHTTP.3.0'); } catch (e) { return new ActiveXObject("Microsoft.XMLHTTP"); } }-*/; } --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~--~~~~--~~--~--~---
Re: client side same-origin IE issue
On Oct 4, 8:52 am, David Given wrote: > I don't know of any web browsers that actually get Javascript security > right when using the file: scheme --- they usually just deny everything > (as you're finding out). > > How badly do you need to run this on a machine without a webserver? i.e. > could you just install one? It would make life much simpler. Running this application without a webserver is important. To update where I'm at: GWT 1.5.2 --- /** * Internet Explorer 6 implementation of {...@link HTTPRequestImpl}. */ class HTTPRequestImplIE6 extends HTTPRequestImpl { @Override protected native JavaScriptObject doCreateXmlHTTPRequest() /*-{ return new ActiveXObject("Microsoft.XMLHTTP"); }-*/; } GWT 1.5.3 --- /** * Internet Explorer 6 implementation of {...@link HTTPRequestImpl}. */ class HTTPRequestImplIE6 extends HTTPRequestImpl { @Override protected native JavaScriptObject doCreateXmlHTTPRequest() /*-{ if ($wnd.XMLHttpRequest) { return new XMLHttpRequest(); } else { try { return new ActiveXObject('MSXML2.XMLHTTP.3.0'); } catch (e) { return new ActiveXObject("Microsoft.XMLHTTP"); } } }-*/; } As quoted from http://msdn.microsoft.com/en-us/library/ms537505(VS.85).aspx "The native XMLHTTPRequest object only permits HTTP and HTTPS urls (regardless of zone) and permits only the following HTTP methods: "GET", "POST", "HEAD", "PUT", "DELETE", "MOVE", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "LOCK", "UNLOCK", "OPTIONS". IE7's object allows only requests to the same port; IE8's object removes that restriction." This seems to be where I'm restricted from accessing file:\\ - a local trusted source. Although IE is in the right by adhering to W3C documentation. http://www.w3.org/TR/XMLHttpRequest/ "...it can be used to make requests over both HTTP and HTTPS (some implementations support protocols in addition to HTTP and HTTPS, but that functionality is not covered by this specification)." And this request for the change http://groups.google.com/group/Google-Web-Toolkit-Contributors/browse_thread/thread/c3cae4dc71580eff/2dc6dc15d51fb641 although I don't know where the order of operations is recommended by MSDN Right now it looks as though I'll have to create a JSNI method for specific access on IE deployments. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~--~~~~--~~--~--~---
Re: client side same-origin IE issue
Brian Blain wrote: [...] > I wanted to be able to move the project war dir to another computer > that does not have a server and open ClientUpload.html. Right now when > ClientUpload.html is opened in Firefox or Chrome the URL is "file:/// > C:/.../ClientUpload/war/ClientUpload.html" and "C:/.../ClientUpload/ > war/ClientUpload.html" in IE (no file:/// attached to the front). I don't know of any web browsers that actually get Javascript security right when using the file: scheme --- they usually just deny everything (as you're finding out). How badly do you need to run this on a machine without a webserver? i.e. could you just install one? It would make life much simpler. -- ┌─── dg@cowlark.com ─ http://www.cowlark.com ─ │ │ "They laughed at Newton. They laughed at Einstein. Of course, they │ also laughed at Bozo the Clown." --- Carl Sagan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~--~~~~--~~--~--~---
client side same-origin IE issue
I have a project using GWT 1.7 that is able to upload a file without a server that works great on Firefox and Chrome, however when testing IE I get "The URL myfile.xml is invalid or violates the same-origin security restriction" error. My GWT standard directory structure for relevant files looks as follows: ClientUpload\war\ClientUpload.html ClientUpload\war\clientupload\clientupload.nocache.js ClientUpload\war\clientupload\myfile.xml I wanted to be able to move the project war dir to another computer that does not have a server and open ClientUpload.html. Right now when ClientUpload.html is opened in Firefox or Chrome the URL is "file:/// C:/.../ClientUpload/war/ClientUpload.html" and "C:/.../ClientUpload/ war/ClientUpload.html" in IE (no file:/// attached to the front). The code to load the myfile.xml: public class ClientUpload implements EntryPoint { AsyncCallback callback = new AsyncCallback() { public void onFailure(final Throwable caught) { Window.alert("failed " + caught.getMessage()); } public void onSuccess(final String result) { Window.alert("results: " + result); } }; public void onModuleLoad() { RequestBuilder requestBuilder = new RequestBuilder (RequestBuilder.POST, URL.encode("myfile.xml")); requestBuilder.setHeader("Content-Type", "text/xml; charset=utf-8;"); try { requestBuilder.sendRequest("", new RequestCallback() { public void onError(final Request request, final Throwable caught) { callback.onFailure(caught); } public void onResponseReceived(final Request request, final Response response) { callback.onSuccess(response.getText()); } }); } catch(Exception e) { callback.onFailure(e); } } } I've tried multiple ways to solve the issue for IE: moving the myfile.xml to different directories, appending GWT.getModuleBaseURL() to the front of the file name, using GET instead of POST, etc. In FF/ Chrome let's say the file is not found in the desired location, the result returned is the 404 error page including the attempted path to the file, RequestURI=/clientupload/myfile.xml I tried previously upgrading from 1.5.2 (with which this technique worked) to 1.5.3 which didn't work and was able to let it slide, I was hoping that maybe it would be noticed and/or fixed by now (1.7) but no such luck. Looking at the issue tracker I see http://code.google.com/p/google-web-toolkit/issues/detail?id=3022 as a first guess to where it may have stopped working for (at least my needs) IE7 possibly IE6 (can't confirm now) So my questions are: Why does this work in Firefox and Chrome and not IE? Where or what would the origin be for IE local html files? Is there maybe a better way without a server to load a XML file into HTML? with GWT? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en -~--~~~~--~~--~--~---