PHP and "Same Origin Policy" problems in hosted mode -- SOLVED

57 views
Skip to first unread message

fke...@gmail.com

unread,
Apr 7, 2008, 8:13:13 PM4/7/08
to Google Web Toolkit
I just found out this article , "Accessing PHP pages in Hosted Mode
GWT", at http://www.drivenbycuriosity.com/mywp/?p=52 and it provides
a nice solution for AJAX calls (for example, to PHP services) when in
hosted mode.

The idea is to change the default policy of the hosted browser, so it
won't protest about different origin calls. You just need to add a few
lines to the ./mozilla-1.7.12/greprefs/all.js in the GWT directory:

pref("capability.policy.default.XMLHttpRequest.abort", "allAccess");
pref("capability.policy.default.XMLHttpRequest.getAllResponseHeaders","allAccess");
pref("capability.policy.default.XMLHttpRequest.getResponseHeader","allAccess");
pref("capability.policy.default.XMLHttpRequest.open", "allAccess");
pref("capability.policy.default.XMLHttpRequest.send", "allAccess");
pref("capability.policy.default.XMLHttpRequest.setRequestHeader","allAccess");
pref("capability.policy.default.XMLHttpRequest.onreadystatechange","allAccess");
pref("capability.policy.default.XMLHttpRequest.readyState",
"allAccess");
pref("capability.policy.default.XMLHttpRequest.responseText","allAccess");
pref("capability.policy.default.XMLHttpRequest.responseXML","allAccess");
pref("capability.policy.default.XMLHttpRequest.status", "allAccess");
pref("capability.policy.default.XMLHttpRequest.statusText",
"allAccess");

The author mentions two problems: having to use absolute URLs in your
code (not a big deal for me, at least), and having to redo this
addition whenever you update to a new version of GWT (not so often, so
no big deal either).

I can add another problem. Before this change, you could write code
that would run in compiled mode, but fail in hosted mode. After this
change, you can write code that runs in hosted mode, but fails in
compiled mode... careful!

I had been trying with proxies, server configurations, Apache tricks,
and what-have-you, but this is by far the simplest possible fix.

A great solution, IMO !!

I could add that now you could write code that would

Thomas Broyer

unread,
Apr 8, 2008, 4:43:42 AM4/8/08
to Google Web Toolkit

On 8 avr, 02:13, "fker...@gmail.com" <fker...@gmail.com> wrote:
> I just found out this article , "Accessing PHP pages in Hosted Mode
> GWT", athttp://www.drivenbycuriosity.com/mywp/?p=52and it provides
> a nice solution for AJAX calls (for example, to PHP services) when in
> hosted mode.
>
> The idea is to change the default policy of the hosted browser, so it
> won't protest about different origin calls. You just need to add a few
> lines to the ./mozilla-1.7.12/greprefs/all.js in the GWT directory:

One major drawback: it only works if you develop on Linux.

I've personally use a "proxy servlet". I've configured it in the
tomcat/webapps/ROOT/WEB-INF/web.xml of my GWT project to match a /
prefix/*, so that any request to /prefix/something is "routed" to
another server (using URL and HttpURLConnection, copying headers and
content). This works only because all my calls on the other server
begins with /prefix/.
I have a nightly build that compiles the GWT project and deploys it on
the "other server": everything works without any compile trick.

I've also added some additional features to my servlet:
- logs every request in the GWTShell (URL, HTTP method, request
headers and body, response status code, response headers and body)
- given that I'm exchanging JSON in "compact" form (not very
readable), the servlet automatically parses the JSON and logs the
"pretty-printed" re-serialization, instead of the originally exchanged
JSON. This has also the advantage of validating the JSON for
strictness (e.g. no trailing coma in arrays or objects, quoted keys in
objects, etc.)

I'm sorry I can't show you the code, since I wrote it at work.
Reply all
Reply to author
Forward
0 new messages