Message from discussion same-origin security restriction
From: andrew_lau <andrewlauw...@gmail.com>
Date: Tue, 23 Dec 2008 19:46:14 -0800 (PST)
Local: Tues, Dec 23 2008 10:46 pm
Subject: Re: same-origin security restriction
I got this worked out using Apache's reverse proxy module.

Workstation --> apache proxy ---> (rpc call?)
(192.168.2.2)                         |-- yes --> ejb server
                                      |-- no --> workstation port 8888

Basically, you just need to set up mod_proxy like this:

===============
httpd.conf
==============
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
allow from 192.168
</Proxy>

ProxyPass /mywebmodule/gwt-rpc-service http://ejbserver.com/mywebmodule/gwt-rpc-service
ProxyPassReverse /mywebmodule/gwt-rpc-service http://ejbserver.com/mywebmodule/gwt-rpc-service

ProxyPass /com.mygwtapp.UIModule http://192.168.2.2:8888/com.mygwtapp.UIModule
ProxyPassReverse /com.mygwtapp.UIModule http://192.168.2.2:8888/com.mygwtapp.UIModule

================

Please note that 192.168.2.2 is my workstation where I develop the
code. Thus, when I start hosted mode in that box, the tomcat instance
will listen to port 8888 of my workstation.  Thus, this proxy server
will contact the tomcat in my workstation for any queries that have
/com.mygwtapp.UIModule in their path, and will contact my real EJB
server when the hosted mode browser does an RPC call.

This way, it is "clean": the proxy server separates the calls for you.

Here is my hosted mode batch file:
@java -Xmx512M -cp "%~dp0\src;%~dp0\bin;C:/javadev/lib/gwt-windows/gwt-user.jar;N:/javadev/lib/gwt-maps.jar;C:/javadev/lib/gwt-windows/gwt-dev-windows.jar" com.google.gwt.dev.GWTShell -out "%~dp0\www" %* http://theproxyserver/com.mygwtapp.UIModule/UIModule.html -whitelist "^http[:][/][/]theproxyserver"

On Nov 25, 4:12 pm, Brian <hibr...@gmail.com> wrote:

> Created issue 3131: (and 13's my lucky number... so close sorta..)

> http://code.google.com/p/google-web-toolkit/issues/detail?id=3131

> Please star it :-)

> On Nov 24, 11:13 am, Brian <hibr...@gmail.com> wrote:

> > How did I miss this thread?  Is there an issue open already for this,
> > as per the Nov 21st post? I'll star it.

> > I'm still using 1.5.2 for dev, as it's the fastest way to iterate on a
> > non-jsonp app.  Basically you guys spoiled me with this bug/feature in
> > prior releases and using 1.5.3 and its slowdown to iterations just
> > sucks. No offense :)

> > Anyway, no, it doesn't cause more problems when deploying.  You find
> > out right away when you're running in webmode if you're violating SOP
> > as the browser complains or ignores the request (depends on the
> > browser). Violating SOP in hosted mode was a fantastic feature.
> > Having a console warning in hosted mode that a request is violating
> > sop should be enough.

> > On Nov 24, 11:02 am, Jason Essington <jason.essing...@gmail.com>
> > wrote:

> > > Actually, allowing Hosted mode to violate SOP would lead to even more  
> > > problems come deployment time...

> > > The idea with hosted mode is that it mirrors an actual browser as  
> > > nearly as possible, so by breaking (not fixing) the SOP behavior,  
> > > developers are likely to run into issues where something works in  
> > > Hosted mode, but doesn't in Web mode. Definitely not desired behavior.

> > > If you have a situation where you need to connect to a server that is
> > > not well represented by the embedded tomcat server, then simply use
> > > -noserver and be done with it.

> > > I have a JEE backend, and even I have to use -noserver. In fact, I  
> > > would be willing to bet anyone that has an application that has  
> > > progressed beyond trivial (trial) client/server communication is using  
> > > Hosted mode with the -noserver switch. It is not a matter of the GWT  
> > > developers trying to screw non-JEE developers, but rather a matter of  
> > > not being able to provide an embedded server that is all things to all  
> > > people.

> > > -jason

> > > On Nov 21, 2008, at 2:23 PM, jpnet wrote:

> > > > This is not a feature! Please fix this.  Allow us developers to
> > > > violate the SOP via the Hosted-Mode browsers.  You are screwing your
> > > > developers that don't use J2EE on the backend.

> > > > -JP

> > > > On Nov 19, 7:33 pm, Sumit Chandel <sumitchan...@google.com> wrote:
> > > >> Hi Danny,

> > > >> The issue you ran into is not actually a bug but an improvement in  
> > > >> 1.5.3 in
> > > >> terms of browser security compliance.

> > > >> Basically, the remote data you are fetching is indeed violating the  
> > > >> single
> > > >> origin policy, which is why you are seeing the error message come  
> > > >> up in the
> > > >> hosted mode console.

> > > > >> The two ways to enable cross-site communication would be to use
> > > > >> -noserver
> > > >> with a proxy that could delegate the calls or using the JSONP  
> > > >> technique.
> > > >> Both are described in a bit more detail on the Groups post linked  
> > > >> below:

> > > >>http://groups.google.com/group/Google-Web-Toolkit/browse_thread/
> > > >> threa...

> > > >> Hope that helps,
> > > >> -Sumit Chandel

> > > >> On Thu, Nov 13, 2008 at 5:05 PM, Danny <da...@xrio.co.uk> wrote:

> > > >>> Just thought I'd post an update...

> > > > >>> I downgraded from 1.5.3 to 1.5.2 and it's now working so I guess this
> > > > >>> is a bug with 1.5.3.

> > > >>> Regards,
> > > >>> Danny

> > > >>> On Nov 14, 12:40 am, Danny <da...@xrio.co.uk> wrote:
> > > >>>> Hi All,

> > > >>>> I finally got round to making my app run in 1.5 and all is looking
> > > >>>> good.  However I often use hosted mode with remote data, which  
> > > >>>> helps
> > > >>>> massively when debugging issues.  I am using RequestBuilder.

> > > >>>> I'm getting a weird error in 1.5, if I switch back to 1.4 it works
> > > >>>> perfectly.  I get the following when in hosted mode.

> > > > >>>> The URL http://x.x.x.x/yyyy.zzz is invalid or violates the same-origin
> > > > >>>> security restriction

> > > > >>>> I've enabled cross-browser communication in Internet Explorer and
> > > > >>>> added
> > > > >>>> the site to my Local Intranet, but still no joy.

> > > >>>> Can anyone shed any light on this?

> > > >>>> Many thanks,
> > > >>>> Danny
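
Why the reverse-proxy setup at the top of this message satisfies the same-origin check, as an added example (not code from the post or from GWT): the browser compares scheme, host and port, and the proxy maps both path prefixes onto one origin. The ProxyPass matching here is a simplified segment-boundary prefix match, and `PROXY_ORIGIN`, `sameOrigin`, `resolveBackend` and `classify` are names assumed for illustration.

```javascript
// ProxyPass pairs copied from the httpd.conf in the post above.
const PROXY_PASS = [
  ['/mywebmodule/gwt-rpc-service', 'http://ejbserver.com/mywebmodule/gwt-rpc-service'],
  ['/com.mygwtapp.UIModule', 'http://192.168.2.2:8888/com.mygwtapp.UIModule'],
];
// Origin the hosted-mode browser is pointed at in the batch file (assumed default port 80).
const PROXY_ORIGIN = 'http://theproxyserver';

// The browser's test: scheme, host and port must all be identical.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Simplified ProxyPass lookup: the first prefix that matches on a path-segment
// boundary wins; the remainder of the path is appended to the backend URL.
function resolveBackend(path) {
  for (const [prefix, backend] of PROXY_PASS) {
    if (path === prefix || path.startsWith(prefix + '/')) {
      return backend + path.slice(prefix.length);
    }
  }
  return null; // no rule: the proxy does not forward this path
}

// For a page and a request it issues, report whether the browser permits the
// request and, if it goes to the proxy, which backend actually serves it.
function classify(pageUrl, requestUrl) {
  const target = new URL(requestUrl);
  return {
    allowedByBrowser: sameOrigin(pageUrl, requestUrl),
    backend: target.origin === PROXY_ORIGIN ? resolveBackend(target.pathname) : null,
  };
}

// Constructed sample URLs: the module loaded through the proxy vs. loaded directly.
const viaProxy = classify(
  'http://theproxyserver/com.mygwtapp.UIModule/UIModule.html',
  'http://theproxyserver/mywebmodule/gwt-rpc-service');
const direct = classify(
  'http://192.168.2.2:8888/com.mygwtapp.UIModule/UIModule.html',
  'http://ejbserver.com/mywebmodule/gwt-rpc-service');
console.log({ viaProxy, direct });
```
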

