Hello! I serve my gwt-based app from Google AppEngine from <myapp>.appspot.com - both the script (GWT) and data (XMLHTTPRequest POSTs). If I open https://<myapp>.appspot.com/app.html, everything works perfectly in all modern browsers.
However, I want to serve the .html page from my custom domain in order to use SSL: https://mydomain.com/app.html I modified app.html to include script from appspot; I use a <div> and do RootPanel.get("my_div"). I hard-coded appspot URLs for POSTs. This solution works perfectly in Chrome and Firefox with <add-linker name="xsiframe"/> (or "xs") - I open an HTTPS URL from my custom domain, it loads GWT via https from appspot.com, and do AJAX communication (not GWT-RPC, but pure ajax) with my appspot.com app via ssl/https. BUT, in IE and Opera the page opens, GWT renders the content in the page, but AJAX requests fails with XS-origin errors: com.google.gwt.http.client.RequestPermissionException: The URL https://***.appspot.com/*** is invalid or violates the same-origin security restriction I do set "Access-Control-XXX" headers in my servlet (java), and I tried to set "X-XSS-Protection" to "0" in my custom domain, but still IE and Opera do not let me query to appspot. What can I do to let IE at least to allow posting to appspot.com? Thanks, MG -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.