RequestBuilder passes SOP without notice.

[KutaBeach]

Greetings!

Gentlemen, please help me to understand one GWT feauture. 

I have the following code:

RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, newsUrl);
        try {
            Request response = builder.sendRequest(null, new RequestCallback() {
                @Override
                public void onResponseReceived(Request request, Response response) {
                    Window.alert("RESPONSE: " + response.getText() + " STATUS CODE:" + response.getStatusText());
                }
                @Override
                public void onError(Request request, Throwable exception) {
                    Window.alert("ERROR: " + exception.getMessage());
                }
            });
        } catch (RequestException e) {
            Window.alert("ERROR: " + e.getMessage());
        }

I thought that this code should produce a simple ajax get request to the url specified, and if the domain of target url does not coincide with domain of my app - it should return error or nothing.

But in fact, it works in the following way:

 - if target url contains json it returns that json:

url example: http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20csv%20where%20url%3D'http%3A%2F%2Fdownload.finance.yahoo.com%2Fd%2Fquotes.csv%3Fs%3DINFY.BO%2CRELIANCE.NS%2CTCS.BO%26f%3Dsl1d1t1c1ohgv%26e%3D.csv'%20and%20columns%3D'symbol%2Cprice%2Cdate%2Ctime%2Cchange%2Ccol1%2Chigh%2Clow%2Ccol2'&format=json

MessageBox with json response is shown.

The request is marked as OK in Chrome -> Developer Tools -> Network.

 - if target url is a simple site url (for example: http://edition.cnn.com/) - it returns nothing, no response at all, no error. 

Empty Message box in OnSuccess handler is shown.

The request is marked as Canceled in Chrome.

So whats going on?

I thought I can reach other sites only if I use JsonRequestBuilder, because instead of sending get request directly it will manually create script elements on the page.

Does simple RequestBuilder also create script elements all the time?

If no, then why first request is working?

If yes, then why the second request is cancelled?

GWT 2.4, Chrome 19.0 or FF 13, Development Mode.

[Alexandre Ardhuin]

Hi,

The response of the first request contains the header "access-control-allow-origin: *". This is known as Cross-Origin Resource Sharing ( see http://www.w3.org/TR/cors/ ) and allows to call other domain with XHR.
Be careful, not all browser support this feature.

Alexandre

2012/7/24 KutaBeach <koktebe...@gmail.com>

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/pYY1k2G5fKAJ.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.