Tuesday, March 12, 2024

Re: Hello Noob question

On the other hand gwt polymer is unmaintained for 6 years. Also it draws in elemental, which is nowadays replaced by elemental2. The 2 dependencies didn't cause problems previously but maybe someone else can advise.


On Tue, Mar 12, 2024 at 23:20, Vijay Kishen Hampapur
<vijaykishen@gmail.com> wrote:
Thanks , I figured out that the parent webapp didnt have the
dependency called out. Followed by resources of the .nocache.js not
being part of the jetty xml. Fixed and working now

Thanks

On Tue, Mar 12, 2024 at 9:02 AM 'tim_mac...@yahoo.co.uk' via GWT Users
<google-web-toolkit@googlegroups.com> wrote:
>
> I am hoping to continue using this with upgrade to gwt 2.11.0 , gwt-maven-plugin 1.1.0 , java source level 11.
> I checked it as far as calling
>    Polymer.startLoading()
>    Polymer.importHref( .. )
> No errors so far.
>
> in module.gwt.xml  I presume you have:
>  <inherits name="com.vaadin.polymer.Elements"/>
>
> did you add the dependency in the -client pom file?
>    <dependency>
>      <groupId>com.vaadin.polymer</groupId>
>      <artifactId>vaadin-gwt-polymer-elements</artifactId>
>      <version>1.9.3.1</version>
>    </dependency>
>
> On Tuesday, March 12, 2024 at 7:28:15 AM UTC Vijay H wrote:
>>
>> Created a starter using the modular-webapp archetype, and am trying to change the client module to use polymer elements and running into these sort of errors. Before I debug too far wanted to check if this is something that is doable or even recommended. This is for a class project.
>>
>> > Loading inherited module 'com.mycompany.mywebapp.App'
>> > [INFO]      Loading inherited module 'com.vaadin.polymer.Elements'
>> > [INFO]          [ERROR] Unable to find 'com/vaadin/polymer/Elements.gwt.xml' on your classpath; could be a typo, or maybe you forgot to include a classpath entry for source?
>>
>>
>> thanks
>> Vijay
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "GWT Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-web-toolkit/DPT5No0b2KI/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/20efcc19-88ce-477f-8976-821357bfb92dn%40googlegroups.com.


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CAKzfLJKmukv3W87cYsrfVwKe7B42ctzxkEa3DZTtkrqt-TFDqw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/963665304.5853729.1710286574424%40mail.yahoo.com.

Re: Hello Noob question

Thanks , I figured out that the parent webapp didnt have the
dependency called out. Followed by resources of the .nocache.js not
being part of the jetty xml. Fixed and working now

Thanks

On Tue, Mar 12, 2024 at 9:02 AM 'tim_mac...@yahoo.co.uk' via GWT Users
<google-web-toolkit@googlegroups.com> wrote:
>
> I am hoping to continue using this with upgrade to gwt 2.11.0 , gwt-maven-plugin 1.1.0 , java source level 11.
> I checked it as far as calling
> Polymer.startLoading()
> Polymer.importHref( .. )
> No errors so far.
>
> in module.gwt.xml I presume you have:
> <inherits name="com.vaadin.polymer.Elements"/>
>
> did you add the dependency in the -client pom file?
> <dependency>
> <groupId>com.vaadin.polymer</groupId>
> <artifactId>vaadin-gwt-polymer-elements</artifactId>
> <version>1.9.3.1</version>
> </dependency>
>
> On Tuesday, March 12, 2024 at 7:28:15 AM UTC Vijay H wrote:
>>
>> Created a starter using the modular-webapp archetype, and am trying to change the client module to use polymer elements and running into these sort of errors. Before I debug too far wanted to check if this is something that is doable or even recommended. This is for a class project.
>>
>> > Loading inherited module 'com.mycompany.mywebapp.App'
>> > [INFO] Loading inherited module 'com.vaadin.polymer.Elements'
>> > [INFO] [ERROR] Unable to find 'com/vaadin/polymer/Elements.gwt.xml' on your classpath; could be a typo, or maybe you forgot to include a classpath entry for source?
>>
>>
>> thanks
>> Vijay
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "GWT Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-web-toolkit/DPT5No0b2KI/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/20efcc19-88ce-477f-8976-821357bfb92dn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CAKzfLJKmukv3W87cYsrfVwKe7B42ctzxkEa3DZTtkrqt-TFDqw%40mail.gmail.com.

Re: Hello Noob question

I am hoping to continue using this with upgrade to gwt 2.11.0 , gwt-maven-plugin 1.1.0 , java source level 11.
I checked it as far as calling
    Polymer.startLoading()
    Polymer.importHref( .. )
No errors so far.

in module.gwt.xml  I presume you have:
  <inherits name="com.vaadin.polymer.Elements"/>

did you add the dependency in the -client pom file?
    <dependency>
      <groupId>com.vaadin.polymer</groupId>
      <artifactId>vaadin-gwt-polymer-elements</artifactId>
      <version>1.9.3.1</version>
    </dependency> 

On Tuesday, March 12, 2024 at 7:28:15 AM UTC Vijay H wrote:
Created a starter using the modular-webapp archetype, and am trying to change the client module to use polymer elements and running into these sort of errors. Before I debug too far wanted to check if this is something that is doable or even recommended. This is for a class project. 

> Loading inherited module 'com.mycompany.mywebapp.App'
> [INFO]       Loading inherited module 'com.vaadin.polymer.Elements'
> [INFO]          [ERROR] Unable to find 'com/vaadin/polymer/Elements.gwt.xml' on your classpath; could be a typo, or maybe you forgot to include a classpath entry for source?


thanks
Vijay 

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/20efcc19-88ce-477f-8976-821357bfb92dn%40googlegroups.com.

Monday, March 11, 2024

Hello Noob question

Created a starter using the modular-webapp archetype, and am trying to change the client module to use polymer elements and running into these sort of errors. Before I debug too far wanted to check if this is something that is doable or even recommended. This is for a class project. 

> Loading inherited module 'com.mycompany.mywebapp.App'
> [INFO]       Loading inherited module 'com.vaadin.polymer.Elements'
> [INFO]          [ERROR] Unable to find 'com/vaadin/polymer/Elements.gwt.xml' on your classpath; could be a typo, or maybe you forgot to include a classpath entry for source?


thanks
Vijay 

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/b88cc06f-d6ea-438a-9d0b-42b883f05dc3n%40googlegroups.com.

Thursday, March 7, 2024

Re: apply content secure policy using script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval

Thank for your reply, i have migrated to   2.8.2 but now i am facing new issues 

1. No RPC is call happened Ex: i existing Databasecall to load the data , save data ..etc but after we apply CSP (without unsafe-inline and unsafe-eval) those are not working
2. Existing validations are not triggered ex: earlier my UI is throwing error for mandatory data but now this is not working  


On Thu, 7 Mar 2024 at 4:33 PM, paparao rambuddi <paparao.rambuddi@gmail.com> wrote:
Thank for your reply, i have migrated to   2.8.2 but now i am facing new issues 

1. No RPC is call happened Ex: i existing Databasecall to load the data , save data ..etc but after we apply CSP (without unsafe-inline and unsafe-eval) those are not working
2. Existing validations are not triggered ex: earlier my UI is throwing error for mandatory data but now this is not working  

On Thursday 7 March 2024 at 00:08:00 UTC+8 Thomas Broyer wrote:
The problem is not loading the nocache.js itself, but is triggered by the setupInstallLocation function of the nocache.js, at line 71, specifically the line:
$doc.body.appendChild(scriptFrame);
and probably due to that line:
scriptFrame.src = $intern_10;
because of:
$intern_10 = 'javascript:""'

This was actually fixed in 2.8.2: https://github.com/gwtproject/gwt/commit/f5df41df4016cd2ce4e6a15a637dbe2ddc4f3fab, so you're probably using an older version.
One workaround, as described in the comments in that file is to extend CrossSiteIframeLinker and override getJsInstallLocation() to return your own script where you'd have applied the fix.

You'll want to replace those with modified versions (read CrossSiteIframeLinker to see how to override them) that will add the nonce to the dynamically created script (though as they're injected into the iframe that's been dynamicallly created in setupInstallLocation, I'm not sure how/which CSP applies there)
On Wednesday, March 6, 2024 at 4:47:29 PM UTC+1 paparao....@gmail.com wrote:
Hi Team
Hope you are doing well

i am using GWT version 2.8.2
i am trying to apply content secure policy in GWT using  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval but i am getting below 

setupInstallLocation @ AllDec.nocache.js?timeStamp=1709618887261:71
AllDec.nocache.js?timeStamp=1709618887261:71 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self'  'nonce-alldec202403040001' 'nonce-alldec202403040002' 'nonce-trwFrame-202403040001' 'nonce-footer-202403040001' 'nonce-menu202403040001' 'nonce-Header2022092604' 'nonce-Header2022092603' 'nonce-Header2022092602' 'nonce-Header2022092601' 'nonce-header-momentjs-20221027' 'nonce-header-inline-2022102701' 'nonce-header-inline-2022102702'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.


my code logic with different approaches and none of them work for me 


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="alldec202403040001"></script>


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="nonce-alldec202403040001"></script>

<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?nonce=alldec202403040001&timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="alldec202403040001"></script>


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?nonce=nonce-alldec202403040001&timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="nonce-alldec202403040001"></script>

i tried this as well but not working 

   String scriptUrl = "../trw4/alldec/AllDec.nocache.js?nonce=alldec202403040001"
   ScriptInjector.fromUrl(scriptUrl)
        .setWindow(ScriptInjector.TOP_WINDOW)
        .inject();

Need your valuable inputs to achieve content secure policy in GWT using  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval
i suspect the inline java script code is not allowing  to apply  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval


here is my AllDec.nocache.js 
function AllDec(){
  var $intern_0 = 'bootstrap', $intern_1 = 'begin', $intern_2 = 'gwt.codesvr.AllDec=', $intern_3 = 'gwt.codesvr=', $intern_4 = 'AllDec', $intern_5 = 'startup', $intern_6 = 'DUMMY', $intern_7 = 0, $intern_8 = 1, $intern_9 = 'iframe', $intern_10 = 'javascript:""', $intern_11 = 'position:absolute; width:0; height:0; border:none; left: -1000px;', $intern_12 = ' top: -1000px;', $intern_13 = 'CSS1Compat', $intern_14 = '<!doctype html>', $intern_15 = '', $intern_16 = '<html><head><\/head><body><\/body><\/html>', $intern_17 = 'undefined', $intern_18 = 'readystatechange', $intern_19 = 10, $intern_20 = 'script', $intern_21 = 'javascript', $intern_22 = 'Failed to load ', $intern_23 = 'moduleStartup', $intern_24 = 'scriptTagAdded', $intern_25 = 'moduleRequested', $intern_26 = 'meta', $intern_27 = 'name', $intern_28 = 'AllDec::', $intern_29 = '::', $intern_30 = 'gwt:property', $intern_31 = 'content', $intern_32 = '=', $intern_33 = 'gwt:onPropertyErrorFn', $intern_34 = 'Bad handler "', $intern_35 = '" for "gwt:onPropertyErrorFn"', $intern_36 = 'gwt:onLoadErrorFn', $intern_37 = '" for "gwt:onLoadErrorFn"', $intern_38 = '#', $intern_39 = '?', $intern_40 = '/', $intern_41 = 'img', $intern_42 = 'clear.cache.gif', $intern_43 = 'baseUrl', $intern_44 = 'AllDec.nocache.js', $intern_45 = 'base', $intern_46 = '//', $intern_47 = 'user.agent', $intern_48 = 'webkit', $intern_49 = 'safari', $intern_50 = 'msie', $intern_51 = 11, $intern_52 = 'ie10', $intern_53 = 9, $intern_54 = 'ie9', $intern_55 = 8, $intern_56 = 'ie8', $intern_57 = 'gecko', $intern_58 = 'gecko1_8', $intern_59 = 2, $intern_60 = 3, $intern_61 = 4, $intern_62 = 'selectingPermutation', $intern_63 = 'AllDec.devmode.js', $intern_64 = '0EF85E4190AC447E05897F96A6F99F47', $intern_65 = '4907B969BA14903A87055E501F608F15', $intern_66 = '9EE4E7BDFF866FF07E4C05A26DDA5C46', $intern_67 = 'CDC1ED083BDDEDA5A079F2A66A48A35D', $intern_68 = 'FD596E46A331AE61B689F91C1973282E', $intern_69 = ':', $intern_70 = '.cache.js', $intern_71 = 'link', $intern_72 = 'rel', $intern_73 = 'stylesheet', $intern_74 = 'href', $intern_75 = 'head', $intern_76 = 'loadExternalRefs', $intern_77 = 'Trw4gui.css', $intern_78 = 'end', $intern_79 = 'http:', $intern_80 = 'file:', $intern_81 = '_gwt_dummy_', $intern_82 = '__gwtDevModeHook:AllDec', $intern_83 = 'Ignoring non-whitelisted Dev Mode URL: ', $intern_84 = ':moduleBase';
  var $wnd = window;
  var $doc = document;
  sendStats($intern_0, $intern_1);
  function isHostedMode(){
    var query = $wnd.location.search;
    return query.indexOf($intern_2) != -1 || query.indexOf($intern_3) != -1;
  }

  function sendStats(evtGroupString, typeString){
    if ($wnd.__gwtStatsEvent) {
      $wnd.__gwtStatsEvent({moduleName:$intern_4, sessionId:$wnd.__gwtStatsSessionId, subSystem:$intern_5, evtGroup:evtGroupString, millis:(new Date).getTime(), type:typeString});
    }
  }

  AllDec.__sendStats = sendStats;
  AllDec.__moduleName = $intern_4;
  AllDec.__errFn = null;
  AllDec.__moduleBase = $intern_6;
  AllDec.__softPermutationId = $intern_7;
  AllDec.__computePropValue = null;
  AllDec.__getPropMap = null;
  AllDec.__installRunAsyncCode = function(){
  }
  ;
  AllDec.__gwtStartLoadingFragment = function(){
    return null;
  }
  ;
  AllDec.__gwt_isKnownPropertyValue = function(){
    return false;
  }
  ;
  AllDec.__gwt_getMetaProperty = function(){
    return null;
  }
  ;
  var __propertyErrorFunction = null;
  var activeModules = $wnd.__gwt_activeModules = $wnd.__gwt_activeModules || {};
  activeModules[$intern_4] = {moduleName:$intern_4};
  AllDec.__moduleStartupDone = function(permProps){
    var oldBindings = activeModules[$intern_4].bindings;
    activeModules[$intern_4].bindings = function(){
      var props = oldBindings?oldBindings():{};
      var embeddedProps = permProps[AllDec.__softPermutationId];
      for (var i = $intern_7; i < embeddedProps.length; i++) {
        var pair = embeddedProps[i];
        props[pair[$intern_7]] = pair[$intern_8];
      }
      return props;
    }
    ;
  }
  ;
  var frameDoc;
  function getInstallLocationDoc(){
    setupInstallLocation();
    return frameDoc;
  }

  function setupInstallLocation(){
    if (frameDoc) {
      return;
    }
    var scriptFrame = $doc.createElement($intern_9);
    scriptFrame.src = $intern_10;
    scriptFrame.id = $intern_4;
    scriptFrame.style.cssText = $intern_11 + $intern_12;
    scriptFrame.tabIndex = -1;
    $doc.body.appendChild(scriptFrame);
    frameDoc = scriptFrame.contentDocument;
    if (!frameDoc) {
      frameDoc = scriptFrame.contentWindow.document;
    }
    frameDoc.open();
    var doctype = document.compatMode == $intern_13?$intern_14:$intern_15;
    frameDoc.write(doctype + $intern_16);
    frameDoc.close();
  }

  function installScript(filename){
    function setupWaitForBodyLoad(callback){
      function isBodyLoaded(){
        if (typeof $doc.readyState == $intern_17) {
          return typeof $doc.body != $intern_17 && $doc.body != null;
        }
        return /loaded|complete/.test($doc.readyState);
      }

      var bodyDone = isBodyLoaded();
      if (bodyDone) {
        callback();
        return;
      }
      function checkBodyDone(){
        if (!bodyDone) {
          if (!isBodyLoaded()) {
            return;
          }
          bodyDone = true;
          callback();
          if ($doc.removeEventListener) {
            $doc.removeEventListener($intern_18, checkBodyDone, false);
          }
          if (onBodyDoneTimerId) {
            clearInterval(onBodyDoneTimerId);
          }
        }
      }

      if ($doc.addEventListener) {
        $doc.addEventListener($intern_18, checkBodyDone, false);
      }
      var onBodyDoneTimerId = setInterval(function(){
        checkBodyDone();
      }
      , $intern_19);
    }

    function installCode(code_0){
      var doc = getInstallLocationDoc();
      var docbody = doc.body;
      var script = doc.createElement($intern_20);
      script.language = $intern_21;
      script.src = code_0;
      if (AllDec.__errFn) {
        script.onerror = function(){
          AllDec.__errFn($intern_4, new Error($intern_22 + code_0));
        }
        ;
      }
      docbody.appendChild(script);
      sendStats($intern_23, $intern_24);
    }

    sendStats($intern_23, $intern_25);
    setupWaitForBodyLoad(function(){
      installCode(filename);
    }
    );
  }

  AllDec.__startLoadingFragment = function(fragmentFile){
    return computeUrlForResource(fragmentFile);
  }
  ;
  AllDec.__installRunAsyncCode = function(code_0){
    var doc = getInstallLocationDoc();
    var docbody = doc.body;
    var script = doc.createElement($intern_20);
    script.language = $intern_21;
    script.text = code_0;
    docbody.appendChild(script);
  }
  ;
  function processMetas(){
    var metaProps = {};
    var propertyErrorFunc;
    var onLoadErrorFunc;
    var metas = $doc.getElementsByTagName($intern_26);
    for (var i = $intern_7, n = metas.length; i < n; ++i) {
      var meta = metas[i], name_0 = meta.getAttribute($intern_27), content;
      if (name_0) {
        name_0 = name_0.replace($intern_28, $intern_15);
        if (name_0.indexOf($intern_29) >= $intern_7) {
          continue;
        }
        if (name_0 == $intern_30) {
          content = meta.getAttribute($intern_31);
          if (content) {
            var value_0, eq = content.indexOf($intern_32);
            if (eq >= $intern_7) {
              name_0 = content.substring($intern_7, eq);
              value_0 = content.substring(eq + $intern_8);
            }
             else {
              name_0 = content;
              value_0 = $intern_15;
            }
            metaProps[name_0] = value_0;
          }
        }
         else if (name_0 == $intern_33) {
          content = meta.getAttribute($intern_31);
          if (content) {
            try {
              propertyErrorFunc = eval(content);
            }
             catch (e) {
              alert($intern_34 + content + $intern_35);
            }
          }
        }
         else if (name_0 == $intern_36) {
          content = meta.getAttribute($intern_31);
          if (content) {
            try {
              onLoadErrorFunc = eval(content);
            }
             catch (e) {
              alert($intern_34 + content + $intern_37);
            }
          }
        }
      }
    }
    __gwt_getMetaProperty = function(name_0){
      var value_0 = metaProps[name_0];
      return value_0 == null?null:value_0;
    }
    ;
    __propertyErrorFunction = propertyErrorFunc;
    AllDec.__errFn = onLoadErrorFunc;
  }

  function computeScriptBase(){
    function getDirectoryOfFile(path){
      var hashIndex = path.lastIndexOf($intern_38);
      if (hashIndex == -1) {
        hashIndex = path.length;
      }
      var queryIndex = path.indexOf($intern_39);
      if (queryIndex == -1) {
        queryIndex = path.length;
      }
      var slashIndex = path.lastIndexOf($intern_40, Math.min(queryIndex, hashIndex));
      return slashIndex >= $intern_7?path.substring($intern_7, slashIndex + $intern_8):$intern_15;
    }

    function ensureAbsoluteUrl(url_0){
      if (url_0.match(/^\w+:\/\//)) {
      }
       else {
        var img = $doc.createElement($intern_41);
        img.src = url_0 + $intern_42;
        url_0 = getDirectoryOfFile(img.src);
      }
      return url_0;
    }

    function tryMetaTag(){
      var metaVal = __gwt_getMetaProperty($intern_43);
      if (metaVal != null) {
        return metaVal;
      }
      return $intern_15;
    }

    function tryNocacheJsTag(){
      var scriptTags = $doc.getElementsByTagName($intern_20);
      for (var i = $intern_7; i < scriptTags.length; ++i) {
        if (scriptTags[i].src.indexOf($intern_44) != -1) {
          return getDirectoryOfFile(scriptTags[i].src);
        }
      }
      return $intern_15;
    }

    function tryBaseTag(){
      var baseElements = $doc.getElementsByTagName($intern_45);
      if (baseElements.length > $intern_7) {
        return baseElements[baseElements.length - $intern_8].href;
      }
      return $intern_15;
    }

    function isLocationOk(){
      var loc = $doc.location;
      return loc.href == loc.protocol + $intern_46 + loc.host + loc.pathname + loc.search + loc.hash;
    }

    var tempBase = tryMetaTag();
    if (tempBase == $intern_15) {
      tempBase = tryNocacheJsTag();
    }
    if (tempBase == $intern_15) {
      tempBase = tryBaseTag();
    }
    if (tempBase == $intern_15 && isLocationOk()) {
      tempBase = getDirectoryOfFile($doc.location.href);
    }
    tempBase = ensureAbsoluteUrl(tempBase);
    return tempBase;
  }

  function computeUrlForResource(resource){
    if (resource.match(/^\//)) {
      return resource;
    }
    if (resource.match(/^[a-zA-Z]+:\/\//)) {
      return resource;
    }
    return AllDec.__moduleBase + resource;
  }

  function getCompiledCodeFilename(){
    var answers = [];
    var softPermutationId = $intern_7;
    function unflattenKeylistIntoAnswers(propValArray, value_0){
      var answer = answers;
      for (var i = $intern_7, n = propValArray.length - $intern_8; i < n; ++i) {
        answer = answer[propValArray[i]] || (answer[propValArray[i]] = []);
      }
      answer[propValArray[n]] = value_0;
    }

    var values = [];
    var providers = [];
    function computePropValue(propName){
      var value_0 = providers[propName](), allowedValuesMap = values[propName];
      if (value_0 in allowedValuesMap) {
        return value_0;
      }
      var allowedValuesList = [];
      for (var k in allowedValuesMap) {
        allowedValuesList[allowedValuesMap[k]] = k;
      }
      if (__propertyErrorFunction) {
        __propertyErrorFunction(propName, allowedValuesList, value_0);
      }
      throw null;
    }

    providers[$intern_47] = function(){
      var ua = navigator.userAgent.toLowerCase();
      var docMode = $doc.documentMode;
      if (function(){
        return ua.indexOf($intern_48) != -1;
      }
      ())
        return $intern_49;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_19 && docMode < $intern_51);
      }
      ())
        return $intern_52;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_53 && docMode < $intern_51);
      }
      ())
        return $intern_54;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_55 && docMode < $intern_51);
      }
      ())
        return $intern_56;
      if (function(){
        return ua.indexOf($intern_57) != -1 || docMode >= $intern_51;
      }
      ())
        return $intern_58;
      return $intern_15;
    }
    ;
    values[$intern_47] = {'gecko1_8':$intern_7, 'ie10':$intern_8, 'ie8':$intern_59, 'ie9':$intern_60, 'safari':$intern_61};
    __gwt_isKnownPropertyValue = function(propName, propValue){
      return propValue in values[propName];
    }
    ;
    AllDec.__getPropMap = function(){
      var result = {};
      for (var key in values) {
        if (values.hasOwnProperty(key)) {
          result[key] = computePropValue(key);
        }
      }
      return result;
    }
    ;
    AllDec.__computePropValue = computePropValue;
    $wnd.__gwt_activeModules[$intern_4].bindings = AllDec.__getPropMap;
    sendStats($intern_0, $intern_62);
    if (isHostedMode()) {
      return computeUrlForResource($intern_63);
    }
    var strongName;
    try {
      unflattenKeylistIntoAnswers([$intern_56], $intern_64);
      unflattenKeylistIntoAnswers([$intern_52], $intern_65);
      unflattenKeylistIntoAnswers([$intern_54], $intern_66);
      unflattenKeylistIntoAnswers([$intern_58], $intern_67);
      unflattenKeylistIntoAnswers([$intern_49], $intern_68);
      strongName = answers[computePropValue($intern_47)];
      var idx = strongName.indexOf($intern_69);
      if (idx != -1) {
        softPermutationId = parseInt(strongName.substring(idx + $intern_8), $intern_19);
        strongName = strongName.substring($intern_7, idx);
      }
    }
     catch (e) {
    }
    AllDec.__softPermutationId = softPermutationId;
    return computeUrlForResource(strongName + $intern_70);
  }

  function loadExternalStylesheets(){
    if (!$wnd.__gwt_stylesLoaded) {
      $wnd.__gwt_stylesLoaded = {};
    }
    function installOneStylesheet(stylesheetUrl){
      if (!__gwt_stylesLoaded[stylesheetUrl]) {
        var l = $doc.createElement($intern_71);
        l.setAttribute($intern_72, $intern_73);
        l.setAttribute($intern_74, computeUrlForResource(stylesheetUrl));
        $doc.getElementsByTagName($intern_75)[$intern_7].appendChild(l);
        __gwt_stylesLoaded[stylesheetUrl] = true;
      }
    }

    sendStats($intern_76, $intern_1);
    installOneStylesheet($intern_77);
    sendStats($intern_76, $intern_78);
  }

  processMetas();
  AllDec.__moduleBase = computeScriptBase();
  activeModules[$intern_4].moduleBase = AllDec.__moduleBase;
  var filename = getCompiledCodeFilename();
  if ($wnd) {
    var devModePermitted = !!($wnd.location.protocol == $intern_79 || $wnd.location.protocol == $intern_80);
    $wnd.__gwt_activeModules[$intern_4].canRedirect = devModePermitted;
    function supportsSessionStorage(){
      var key = $intern_81;
      try {
        $wnd.sessionStorage.setItem(key, key);
        $wnd.sessionStorage.removeItem(key);
        return true;
      }
       catch (e) {
        return false;
      }
    }

    if (devModePermitted && supportsSessionStorage()) {
      var devModeKey = $intern_82;
      var devModeUrl = $wnd.sessionStorage[devModeKey];
      if (!/^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?\/.*$/.test(devModeUrl)) {
        if (devModeUrl && (window.console && console.log)) {
          console.log($intern_83 + devModeUrl);
        }
        devModeUrl = $intern_15;
      }
      if (devModeUrl && !$wnd[devModeKey]) {
        $wnd[devModeKey] = true;
        $wnd[devModeKey + $intern_84] = computeScriptBase();
        var devModeScript = $doc.createElement($intern_20);
        devModeScript.src = devModeUrl;
        var head = $doc.getElementsByTagName($intern_75)[$intern_7];
        head.insertBefore(devModeScript, head.firstElementChild || head.children[$intern_7]);
        return false;
      }
    }
  }
  loadExternalStylesheets();
  sendStats($intern_0, $intern_78);
  installScript(filename);
  return true;
}

AllDec.succeeded = AllDec();

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/ef025b50-c9fd-41b3-b359-f077f5dc7134n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CADz9YnLOR6KLTMuykeFDCrB0GZmOBOKo4HBSvM%3Dt_-xXFhxpNw%40mail.gmail.com.

Re: apply content secure policy using script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval

Thank for your reply, i have migrated to   2.8.2 but now i am facing new issues 

1. No RPC is call happened Ex: i existing Databasecall to load the data , save data ..etc but after we apply CSP (with unsafe-inline and unsafe-eval) those are not working
2. Existing validations are not triggered ex: earlier my UI is throwing error for mandatory data but now this is not working  

On Thursday 7 March 2024 at 00:08:00 UTC+8 Thomas Broyer wrote:
The problem is not loading the nocache.js itself, but is triggered by the setupInstallLocation function of the nocache.js, at line 71, specifically the line:
$doc.body.appendChild(scriptFrame);
and probably due to that line:
scriptFrame.src = $intern_10;
because of:
$intern_10 = 'javascript:""'

This was actually fixed in 2.8.2: https://github.com/gwtproject/gwt/commit/f5df41df4016cd2ce4e6a15a637dbe2ddc4f3fab, so you're probably using an older version.
One workaround, as described in the comments in that file is to extend CrossSiteIframeLinker and override getJsInstallLocation() to return your own script where you'd have applied the fix.

You'll want to replace those with modified versions (read CrossSiteIframeLinker to see how to override them) that will add the nonce to the dynamically created script (though as they're injected into the iframe that's been dynamicallly created in setupInstallLocation, I'm not sure how/which CSP applies there)
On Wednesday, March 6, 2024 at 4:47:29 PM UTC+1 paparao....@gmail.com wrote:
Hi Team
Hope you are doing well

i am using GWT version 2.8.2
i am trying to apply content secure policy in GWT using  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval but i am getting below 

setupInstallLocation @ AllDec.nocache.js?timeStamp=1709618887261:71
AllDec.nocache.js?timeStamp=1709618887261:71 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self'  'nonce-alldec202403040001' 'nonce-alldec202403040002' 'nonce-trwFrame-202403040001' 'nonce-footer-202403040001' 'nonce-menu202403040001' 'nonce-Header2022092604' 'nonce-Header2022092603' 'nonce-Header2022092602' 'nonce-Header2022092601' 'nonce-header-momentjs-20221027' 'nonce-header-inline-2022102701' 'nonce-header-inline-2022102702'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.


my code logic with different approaches and none of them work for me 


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="alldec202403040001"></script>


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="nonce-alldec202403040001"></script>

<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?nonce=alldec202403040001&timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="alldec202403040001"></script>


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?nonce=nonce-alldec202403040001&timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="nonce-alldec202403040001"></script>

i tried this as well but not working 

   String scriptUrl = "../trw4/alldec/AllDec.nocache.js?nonce=alldec202403040001"
   ScriptInjector.fromUrl(scriptUrl)
        .setWindow(ScriptInjector.TOP_WINDOW)
        .inject();

Need your valuable inputs to achieve content secure policy in GWT using  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval
i suspect the inline java script code is not allowing  to apply  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval


here is my AllDec.nocache.js 
function AllDec(){
  var $intern_0 = 'bootstrap', $intern_1 = 'begin', $intern_2 = 'gwt.codesvr.AllDec=', $intern_3 = 'gwt.codesvr=', $intern_4 = 'AllDec', $intern_5 = 'startup', $intern_6 = 'DUMMY', $intern_7 = 0, $intern_8 = 1, $intern_9 = 'iframe', $intern_10 = 'javascript:""', $intern_11 = 'position:absolute; width:0; height:0; border:none; left: -1000px;', $intern_12 = ' top: -1000px;', $intern_13 = 'CSS1Compat', $intern_14 = '<!doctype html>', $intern_15 = '', $intern_16 = '<html><head><\/head><body><\/body><\/html>', $intern_17 = 'undefined', $intern_18 = 'readystatechange', $intern_19 = 10, $intern_20 = 'script', $intern_21 = 'javascript', $intern_22 = 'Failed to load ', $intern_23 = 'moduleStartup', $intern_24 = 'scriptTagAdded', $intern_25 = 'moduleRequested', $intern_26 = 'meta', $intern_27 = 'name', $intern_28 = 'AllDec::', $intern_29 = '::', $intern_30 = 'gwt:property', $intern_31 = 'content', $intern_32 = '=', $intern_33 = 'gwt:onPropertyErrorFn', $intern_34 = 'Bad handler "', $intern_35 = '" for "gwt:onPropertyErrorFn"', $intern_36 = 'gwt:onLoadErrorFn', $intern_37 = '" for "gwt:onLoadErrorFn"', $intern_38 = '#', $intern_39 = '?', $intern_40 = '/', $intern_41 = 'img', $intern_42 = 'clear.cache.gif', $intern_43 = 'baseUrl', $intern_44 = 'AllDec.nocache.js', $intern_45 = 'base', $intern_46 = '//', $intern_47 = 'user.agent', $intern_48 = 'webkit', $intern_49 = 'safari', $intern_50 = 'msie', $intern_51 = 11, $intern_52 = 'ie10', $intern_53 = 9, $intern_54 = 'ie9', $intern_55 = 8, $intern_56 = 'ie8', $intern_57 = 'gecko', $intern_58 = 'gecko1_8', $intern_59 = 2, $intern_60 = 3, $intern_61 = 4, $intern_62 = 'selectingPermutation', $intern_63 = 'AllDec.devmode.js', $intern_64 = '0EF85E4190AC447E05897F96A6F99F47', $intern_65 = '4907B969BA14903A87055E501F608F15', $intern_66 = '9EE4E7BDFF866FF07E4C05A26DDA5C46', $intern_67 = 'CDC1ED083BDDEDA5A079F2A66A48A35D', $intern_68 = 'FD596E46A331AE61B689F91C1973282E', $intern_69 = ':', $intern_70 = '.cache.js', $intern_71 = 'link', $intern_72 = 'rel', $intern_73 = 'stylesheet', $intern_74 = 'href', $intern_75 = 'head', $intern_76 = 'loadExternalRefs', $intern_77 = 'Trw4gui.css', $intern_78 = 'end', $intern_79 = 'http:', $intern_80 = 'file:', $intern_81 = '_gwt_dummy_', $intern_82 = '__gwtDevModeHook:AllDec', $intern_83 = 'Ignoring non-whitelisted Dev Mode URL: ', $intern_84 = ':moduleBase';
  var $wnd = window;
  var $doc = document;
  sendStats($intern_0, $intern_1);
  function isHostedMode(){
    var query = $wnd.location.search;
    return query.indexOf($intern_2) != -1 || query.indexOf($intern_3) != -1;
  }

  function sendStats(evtGroupString, typeString){
    if ($wnd.__gwtStatsEvent) {
      $wnd.__gwtStatsEvent({moduleName:$intern_4, sessionId:$wnd.__gwtStatsSessionId, subSystem:$intern_5, evtGroup:evtGroupString, millis:(new Date).getTime(), type:typeString});
    }
  }

  AllDec.__sendStats = sendStats;
  AllDec.__moduleName = $intern_4;
  AllDec.__errFn = null;
  AllDec.__moduleBase = $intern_6;
  AllDec.__softPermutationId = $intern_7;
  AllDec.__computePropValue = null;
  AllDec.__getPropMap = null;
  AllDec.__installRunAsyncCode = function(){
  }
  ;
  AllDec.__gwtStartLoadingFragment = function(){
    return null;
  }
  ;
  AllDec.__gwt_isKnownPropertyValue = function(){
    return false;
  }
  ;
  AllDec.__gwt_getMetaProperty = function(){
    return null;
  }
  ;
  var __propertyErrorFunction = null;
  var activeModules = $wnd.__gwt_activeModules = $wnd.__gwt_activeModules || {};
  activeModules[$intern_4] = {moduleName:$intern_4};
  AllDec.__moduleStartupDone = function(permProps){
    var oldBindings = activeModules[$intern_4].bindings;
    activeModules[$intern_4].bindings = function(){
      var props = oldBindings?oldBindings():{};
      var embeddedProps = permProps[AllDec.__softPermutationId];
      for (var i = $intern_7; i < embeddedProps.length; i++) {
        var pair = embeddedProps[i];
        props[pair[$intern_7]] = pair[$intern_8];
      }
      return props;
    }
    ;
  }
  ;
  var frameDoc;
  function getInstallLocationDoc(){
    setupInstallLocation();
    return frameDoc;
  }

  function setupInstallLocation(){
    if (frameDoc) {
      return;
    }
    var scriptFrame = $doc.createElement($intern_9);
    scriptFrame.src = $intern_10;
    scriptFrame.id = $intern_4;
    scriptFrame.style.cssText = $intern_11 + $intern_12;
    scriptFrame.tabIndex = -1;
    $doc.body.appendChild(scriptFrame);
    frameDoc = scriptFrame.contentDocument;
    if (!frameDoc) {
      frameDoc = scriptFrame.contentWindow.document;
    }
    frameDoc.open();
    var doctype = document.compatMode == $intern_13?$intern_14:$intern_15;
    frameDoc.write(doctype + $intern_16);
    frameDoc.close();
  }

  function installScript(filename){
    function setupWaitForBodyLoad(callback){
      function isBodyLoaded(){
        if (typeof $doc.readyState == $intern_17) {
          return typeof $doc.body != $intern_17 && $doc.body != null;
        }
        return /loaded|complete/.test($doc.readyState);
      }

      var bodyDone = isBodyLoaded();
      if (bodyDone) {
        callback();
        return;
      }
      function checkBodyDone(){
        if (!bodyDone) {
          if (!isBodyLoaded()) {
            return;
          }
          bodyDone = true;
          callback();
          if ($doc.removeEventListener) {
            $doc.removeEventListener($intern_18, checkBodyDone, false);
          }
          if (onBodyDoneTimerId) {
            clearInterval(onBodyDoneTimerId);
          }
        }
      }

      if ($doc.addEventListener) {
        $doc.addEventListener($intern_18, checkBodyDone, false);
      }
      var onBodyDoneTimerId = setInterval(function(){
        checkBodyDone();
      }
      , $intern_19);
    }

    function installCode(code_0){
      var doc = getInstallLocationDoc();
      var docbody = doc.body;
      var script = doc.createElement($intern_20);
      script.language = $intern_21;
      script.src = code_0;
      if (AllDec.__errFn) {
        script.onerror = function(){
          AllDec.__errFn($intern_4, new Error($intern_22 + code_0));
        }
        ;
      }
      docbody.appendChild(script);
      sendStats($intern_23, $intern_24);
    }

    sendStats($intern_23, $intern_25);
    setupWaitForBodyLoad(function(){
      installCode(filename);
    }
    );
  }

  AllDec.__startLoadingFragment = function(fragmentFile){
    return computeUrlForResource(fragmentFile);
  }
  ;
  AllDec.__installRunAsyncCode = function(code_0){
    var doc = getInstallLocationDoc();
    var docbody = doc.body;
    var script = doc.createElement($intern_20);
    script.language = $intern_21;
    script.text = code_0;
    docbody.appendChild(script);
  }
  ;
  function processMetas(){
    var metaProps = {};
    var propertyErrorFunc;
    var onLoadErrorFunc;
    var metas = $doc.getElementsByTagName($intern_26);
    for (var i = $intern_7, n = metas.length; i < n; ++i) {
      var meta = metas[i], name_0 = meta.getAttribute($intern_27), content;
      if (name_0) {
        name_0 = name_0.replace($intern_28, $intern_15);
        if (name_0.indexOf($intern_29) >= $intern_7) {
          continue;
        }
        if (name_0 == $intern_30) {
          content = meta.getAttribute($intern_31);
          if (content) {
            var value_0, eq = content.indexOf($intern_32);
            if (eq >= $intern_7) {
              name_0 = content.substring($intern_7, eq);
              value_0 = content.substring(eq + $intern_8);
            }
             else {
              name_0 = content;
              value_0 = $intern_15;
            }
            metaProps[name_0] = value_0;
          }
        }
         else if (name_0 == $intern_33) {
          content = meta.getAttribute($intern_31);
          if (content) {
            try {
              propertyErrorFunc = eval(content);
            }
             catch (e) {
              alert($intern_34 + content + $intern_35);
            }
          }
        }
         else if (name_0 == $intern_36) {
          content = meta.getAttribute($intern_31);
          if (content) {
            try {
              onLoadErrorFunc = eval(content);
            }
             catch (e) {
              alert($intern_34 + content + $intern_37);
            }
          }
        }
      }
    }
    __gwt_getMetaProperty = function(name_0){
      var value_0 = metaProps[name_0];
      return value_0 == null?null:value_0;
    }
    ;
    __propertyErrorFunction = propertyErrorFunc;
    AllDec.__errFn = onLoadErrorFunc;
  }

  function computeScriptBase(){
    function getDirectoryOfFile(path){
      var hashIndex = path.lastIndexOf($intern_38);
      if (hashIndex == -1) {
        hashIndex = path.length;
      }
      var queryIndex = path.indexOf($intern_39);
      if (queryIndex == -1) {
        queryIndex = path.length;
      }
      var slashIndex = path.lastIndexOf($intern_40, Math.min(queryIndex, hashIndex));
      return slashIndex >= $intern_7?path.substring($intern_7, slashIndex + $intern_8):$intern_15;
    }

    function ensureAbsoluteUrl(url_0){
      if (url_0.match(/^\w+:\/\//)) {
      }
       else {
        var img = $doc.createElement($intern_41);
        img.src = url_0 + $intern_42;
        url_0 = getDirectoryOfFile(img.src);
      }
      return url_0;
    }

    function tryMetaTag(){
      var metaVal = __gwt_getMetaProperty($intern_43);
      if (metaVal != null) {
        return metaVal;
      }
      return $intern_15;
    }

    function tryNocacheJsTag(){
      var scriptTags = $doc.getElementsByTagName($intern_20);
      for (var i = $intern_7; i < scriptTags.length; ++i) {
        if (scriptTags[i].src.indexOf($intern_44) != -1) {
          return getDirectoryOfFile(scriptTags[i].src);
        }
      }
      return $intern_15;
    }

    function tryBaseTag(){
      var baseElements = $doc.getElementsByTagName($intern_45);
      if (baseElements.length > $intern_7) {
        return baseElements[baseElements.length - $intern_8].href;
      }
      return $intern_15;
    }

    function isLocationOk(){
      var loc = $doc.location;
      return loc.href == loc.protocol + $intern_46 + loc.host + loc.pathname + loc.search + loc.hash;
    }

    var tempBase = tryMetaTag();
    if (tempBase == $intern_15) {
      tempBase = tryNocacheJsTag();
    }
    if (tempBase == $intern_15) {
      tempBase = tryBaseTag();
    }
    if (tempBase == $intern_15 && isLocationOk()) {
      tempBase = getDirectoryOfFile($doc.location.href);
    }
    tempBase = ensureAbsoluteUrl(tempBase);
    return tempBase;
  }

  function computeUrlForResource(resource){
    if (resource.match(/^\//)) {
      return resource;
    }
    if (resource.match(/^[a-zA-Z]+:\/\//)) {
      return resource;
    }
    return AllDec.__moduleBase + resource;
  }

  function getCompiledCodeFilename(){
    var answers = [];
    var softPermutationId = $intern_7;
    function unflattenKeylistIntoAnswers(propValArray, value_0){
      var answer = answers;
      for (var i = $intern_7, n = propValArray.length - $intern_8; i < n; ++i) {
        answer = answer[propValArray[i]] || (answer[propValArray[i]] = []);
      }
      answer[propValArray[n]] = value_0;
    }

    var values = [];
    var providers = [];
    function computePropValue(propName){
      var value_0 = providers[propName](), allowedValuesMap = values[propName];
      if (value_0 in allowedValuesMap) {
        return value_0;
      }
      var allowedValuesList = [];
      for (var k in allowedValuesMap) {
        allowedValuesList[allowedValuesMap[k]] = k;
      }
      if (__propertyErrorFunction) {
        __propertyErrorFunction(propName, allowedValuesList, value_0);
      }
      throw null;
    }

    providers[$intern_47] = function(){
      var ua = navigator.userAgent.toLowerCase();
      var docMode = $doc.documentMode;
      if (function(){
        return ua.indexOf($intern_48) != -1;
      }
      ())
        return $intern_49;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_19 && docMode < $intern_51);
      }
      ())
        return $intern_52;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_53 && docMode < $intern_51);
      }
      ())
        return $intern_54;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_55 && docMode < $intern_51);
      }
      ())
        return $intern_56;
      if (function(){
        return ua.indexOf($intern_57) != -1 || docMode >= $intern_51;
      }
      ())
        return $intern_58;
      return $intern_15;
    }
    ;
    values[$intern_47] = {'gecko1_8':$intern_7, 'ie10':$intern_8, 'ie8':$intern_59, 'ie9':$intern_60, 'safari':$intern_61};
    __gwt_isKnownPropertyValue = function(propName, propValue){
      return propValue in values[propName];
    }
    ;
    AllDec.__getPropMap = function(){
      var result = {};
      for (var key in values) {
        if (values.hasOwnProperty(key)) {
          result[key] = computePropValue(key);
        }
      }
      return result;
    }
    ;
    AllDec.__computePropValue = computePropValue;
    $wnd.__gwt_activeModules[$intern_4].bindings = AllDec.__getPropMap;
    sendStats($intern_0, $intern_62);
    if (isHostedMode()) {
      return computeUrlForResource($intern_63);
    }
    var strongName;
    try {
      unflattenKeylistIntoAnswers([$intern_56], $intern_64);
      unflattenKeylistIntoAnswers([$intern_52], $intern_65);
      unflattenKeylistIntoAnswers([$intern_54], $intern_66);
      unflattenKeylistIntoAnswers([$intern_58], $intern_67);
      unflattenKeylistIntoAnswers([$intern_49], $intern_68);
      strongName = answers[computePropValue($intern_47)];
      var idx = strongName.indexOf($intern_69);
      if (idx != -1) {
        softPermutationId = parseInt(strongName.substring(idx + $intern_8), $intern_19);
        strongName = strongName.substring($intern_7, idx);
      }
    }
     catch (e) {
    }
    AllDec.__softPermutationId = softPermutationId;
    return computeUrlForResource(strongName + $intern_70);
  }

  function loadExternalStylesheets(){
    if (!$wnd.__gwt_stylesLoaded) {
      $wnd.__gwt_stylesLoaded = {};
    }
    function installOneStylesheet(stylesheetUrl){
      if (!__gwt_stylesLoaded[stylesheetUrl]) {
        var l = $doc.createElement($intern_71);
        l.setAttribute($intern_72, $intern_73);
        l.setAttribute($intern_74, computeUrlForResource(stylesheetUrl));
        $doc.getElementsByTagName($intern_75)[$intern_7].appendChild(l);
        __gwt_stylesLoaded[stylesheetUrl] = true;
      }
    }

    sendStats($intern_76, $intern_1);
    installOneStylesheet($intern_77);
    sendStats($intern_76, $intern_78);
  }

  processMetas();
  AllDec.__moduleBase = computeScriptBase();
  activeModules[$intern_4].moduleBase = AllDec.__moduleBase;
  var filename = getCompiledCodeFilename();
  if ($wnd) {
    var devModePermitted = !!($wnd.location.protocol == $intern_79 || $wnd.location.protocol == $intern_80);
    $wnd.__gwt_activeModules[$intern_4].canRedirect = devModePermitted;
    function supportsSessionStorage(){
      var key = $intern_81;
      try {
        $wnd.sessionStorage.setItem(key, key);
        $wnd.sessionStorage.removeItem(key);
        return true;
      }
       catch (e) {
        return false;
      }
    }

    if (devModePermitted && supportsSessionStorage()) {
      var devModeKey = $intern_82;
      var devModeUrl = $wnd.sessionStorage[devModeKey];
      if (!/^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?\/.*$/.test(devModeUrl)) {
        if (devModeUrl && (window.console && console.log)) {
          console.log($intern_83 + devModeUrl);
        }
        devModeUrl = $intern_15;
      }
      if (devModeUrl && !$wnd[devModeKey]) {
        $wnd[devModeKey] = true;
        $wnd[devModeKey + $intern_84] = computeScriptBase();
        var devModeScript = $doc.createElement($intern_20);
        devModeScript.src = devModeUrl;
        var head = $doc.getElementsByTagName($intern_75)[$intern_7];
        head.insertBefore(devModeScript, head.firstElementChild || head.children[$intern_7]);
        return false;
      }
    }
  }
  loadExternalStylesheets();
  sendStats($intern_0, $intern_78);
  installScript(filename);
  return true;
}

AllDec.succeeded = AllDec();

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/ef025b50-c9fd-41b3-b359-f077f5dc7134n%40googlegroups.com.

Wednesday, March 6, 2024

Re: apply content secure policy using script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval

The problem is not loading the nocache.js itself, but is triggered by the setupInstallLocation function of the nocache.js, at line 71, specifically the line:
$doc.body.appendChild(scriptFrame);
and probably due to that line:
scriptFrame.src = $intern_10;
because of:
$intern_10 = 'javascript:""'

This was actually fixed in 2.8.2: https://github.com/gwtproject/gwt/commit/f5df41df4016cd2ce4e6a15a637dbe2ddc4f3fab, so you're probably using an older version.
One workaround, as described in the comments in that file is to extend CrossSiteIframeLinker and override getJsInstallLocation() to return your own script where you'd have applied the fix.

…but then things will break in installCode and __installRunAsyncCode, coming from https://github.com/gwtproject/gwt/blob/2.8.2/dev/core/src/com/google/gwt/core/ext/linker/impl/installScriptDirect.js and https://github.com/gwtproject/gwt/blob/2.8.2/dev/core/src/com/google/gwt/core/ext/linker/impl/runAsync.js respectively.
You'll want to replace those with modified versions (read CrossSiteIframeLinker to see how to override them) that will add the nonce to the dynamically created script (though as they're injected into the iframe that's been dynamicallly created in setupInstallLocation, I'm not sure how/which CSP applies there)
On Wednesday, March 6, 2024 at 4:47:29 PM UTC+1 paparao....@gmail.com wrote:
Hi Team
Hope you are doing well

i am using GWT version 2.8.2
i am trying to apply content secure policy in GWT using  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval but i am getting below 

setupInstallLocation @ AllDec.nocache.js?timeStamp=1709618887261:71
AllDec.nocache.js?timeStamp=1709618887261:71 Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self'  'nonce-alldec202403040001' 'nonce-alldec202403040002' 'nonce-trwFrame-202403040001' 'nonce-footer-202403040001' 'nonce-menu202403040001' 'nonce-Header2022092604' 'nonce-Header2022092603' 'nonce-Header2022092602' 'nonce-Header2022092601' 'nonce-header-momentjs-20221027' 'nonce-header-inline-2022102701' 'nonce-header-inline-2022102702'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.


my code logic with different approaches and none of them work for me 


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="alldec202403040001"></script>


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="nonce-alldec202403040001"></script>

<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?nonce=alldec202403040001&timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="alldec202403040001"></script>


<script type="text/javascript" language="javascript" src="../trw4/alldec/AllDec.nocache.js?nonce=nonce-alldec202403040001&timeStamp=<%= "" + new java.util.Date().getTime() %>" nonce="nonce-alldec202403040001"></script>

i tried this as well but not working 

   String scriptUrl = "../trw4/alldec/AllDec.nocache.js?nonce=alldec202403040001"
   ScriptInjector.fromUrl(scriptUrl)
        .setWindow(ScriptInjector.TOP_WINDOW)
        .inject();

Need your valuable inputs to achieve content secure policy in GWT using  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval
i suspect the inline java script code is not allowing  to apply  script-src 'self' and object-src 'self' without unsafe-inline and unsafe-eval


here is my AllDec.nocache.js 
function AllDec(){
  var $intern_0 = 'bootstrap', $intern_1 = 'begin', $intern_2 = 'gwt.codesvr.AllDec=', $intern_3 = 'gwt.codesvr=', $intern_4 = 'AllDec', $intern_5 = 'startup', $intern_6 = 'DUMMY', $intern_7 = 0, $intern_8 = 1, $intern_9 = 'iframe', $intern_10 = 'javascript:""', $intern_11 = 'position:absolute; width:0; height:0; border:none; left: -1000px;', $intern_12 = ' top: -1000px;', $intern_13 = 'CSS1Compat', $intern_14 = '<!doctype html>', $intern_15 = '', $intern_16 = '<html><head><\/head><body><\/body><\/html>', $intern_17 = 'undefined', $intern_18 = 'readystatechange', $intern_19 = 10, $intern_20 = 'script', $intern_21 = 'javascript', $intern_22 = 'Failed to load ', $intern_23 = 'moduleStartup', $intern_24 = 'scriptTagAdded', $intern_25 = 'moduleRequested', $intern_26 = 'meta', $intern_27 = 'name', $intern_28 = 'AllDec::', $intern_29 = '::', $intern_30 = 'gwt:property', $intern_31 = 'content', $intern_32 = '=', $intern_33 = 'gwt:onPropertyErrorFn', $intern_34 = 'Bad handler "', $intern_35 = '" for "gwt:onPropertyErrorFn"', $intern_36 = 'gwt:onLoadErrorFn', $intern_37 = '" for "gwt:onLoadErrorFn"', $intern_38 = '#', $intern_39 = '?', $intern_40 = '/', $intern_41 = 'img', $intern_42 = 'clear.cache.gif', $intern_43 = 'baseUrl', $intern_44 = 'AllDec.nocache.js', $intern_45 = 'base', $intern_46 = '//', $intern_47 = 'user.agent', $intern_48 = 'webkit', $intern_49 = 'safari', $intern_50 = 'msie', $intern_51 = 11, $intern_52 = 'ie10', $intern_53 = 9, $intern_54 = 'ie9', $intern_55 = 8, $intern_56 = 'ie8', $intern_57 = 'gecko', $intern_58 = 'gecko1_8', $intern_59 = 2, $intern_60 = 3, $intern_61 = 4, $intern_62 = 'selectingPermutation', $intern_63 = 'AllDec.devmode.js', $intern_64 = '0EF85E4190AC447E05897F96A6F99F47', $intern_65 = '4907B969BA14903A87055E501F608F15', $intern_66 = '9EE4E7BDFF866FF07E4C05A26DDA5C46', $intern_67 = 'CDC1ED083BDDEDA5A079F2A66A48A35D', $intern_68 = 'FD596E46A331AE61B689F91C1973282E', $intern_69 = ':', $intern_70 = '.cache.js', $intern_71 = 'link', $intern_72 = 'rel', $intern_73 = 'stylesheet', $intern_74 = 'href', $intern_75 = 'head', $intern_76 = 'loadExternalRefs', $intern_77 = 'Trw4gui.css', $intern_78 = 'end', $intern_79 = 'http:', $intern_80 = 'file:', $intern_81 = '_gwt_dummy_', $intern_82 = '__gwtDevModeHook:AllDec', $intern_83 = 'Ignoring non-whitelisted Dev Mode URL: ', $intern_84 = ':moduleBase';
  var $wnd = window;
  var $doc = document;
  sendStats($intern_0, $intern_1);
  function isHostedMode(){
    var query = $wnd.location.search;
    return query.indexOf($intern_2) != -1 || query.indexOf($intern_3) != -1;
  }

  function sendStats(evtGroupString, typeString){
    if ($wnd.__gwtStatsEvent) {
      $wnd.__gwtStatsEvent({moduleName:$intern_4, sessionId:$wnd.__gwtStatsSessionId, subSystem:$intern_5, evtGroup:evtGroupString, millis:(new Date).getTime(), type:typeString});
    }
  }

  AllDec.__sendStats = sendStats;
  AllDec.__moduleName = $intern_4;
  AllDec.__errFn = null;
  AllDec.__moduleBase = $intern_6;
  AllDec.__softPermutationId = $intern_7;
  AllDec.__computePropValue = null;
  AllDec.__getPropMap = null;
  AllDec.__installRunAsyncCode = function(){
  }
  ;
  AllDec.__gwtStartLoadingFragment = function(){
    return null;
  }
  ;
  AllDec.__gwt_isKnownPropertyValue = function(){
    return false;
  }
  ;
  AllDec.__gwt_getMetaProperty = function(){
    return null;
  }
  ;
  var __propertyErrorFunction = null;
  var activeModules = $wnd.__gwt_activeModules = $wnd.__gwt_activeModules || {};
  activeModules[$intern_4] = {moduleName:$intern_4};
  AllDec.__moduleStartupDone = function(permProps){
    var oldBindings = activeModules[$intern_4].bindings;
    activeModules[$intern_4].bindings = function(){
      var props = oldBindings?oldBindings():{};
      var embeddedProps = permProps[AllDec.__softPermutationId];
      for (var i = $intern_7; i < embeddedProps.length; i++) {
        var pair = embeddedProps[i];
        props[pair[$intern_7]] = pair[$intern_8];
      }
      return props;
    }
    ;
  }
  ;
  var frameDoc;
  function getInstallLocationDoc(){
    setupInstallLocation();
    return frameDoc;
  }

  function setupInstallLocation(){
    if (frameDoc) {
      return;
    }
    var scriptFrame = $doc.createElement($intern_9);
    scriptFrame.src = $intern_10;
    scriptFrame.id = $intern_4;
    scriptFrame.style.cssText = $intern_11 + $intern_12;
    scriptFrame.tabIndex = -1;
    $doc.body.appendChild(scriptFrame);
    frameDoc = scriptFrame.contentDocument;
    if (!frameDoc) {
      frameDoc = scriptFrame.contentWindow.document;
    }
    frameDoc.open();
    var doctype = document.compatMode == $intern_13?$intern_14:$intern_15;
    frameDoc.write(doctype + $intern_16);
    frameDoc.close();
  }

  function installScript(filename){
    function setupWaitForBodyLoad(callback){
      function isBodyLoaded(){
        if (typeof $doc.readyState == $intern_17) {
          return typeof $doc.body != $intern_17 && $doc.body != null;
        }
        return /loaded|complete/.test($doc.readyState);
      }

      var bodyDone = isBodyLoaded();
      if (bodyDone) {
        callback();
        return;
      }
      function checkBodyDone(){
        if (!bodyDone) {
          if (!isBodyLoaded()) {
            return;
          }
          bodyDone = true;
          callback();
          if ($doc.removeEventListener) {
            $doc.removeEventListener($intern_18, checkBodyDone, false);
          }
          if (onBodyDoneTimerId) {
            clearInterval(onBodyDoneTimerId);
          }
        }
      }

      if ($doc.addEventListener) {
        $doc.addEventListener($intern_18, checkBodyDone, false);
      }
      var onBodyDoneTimerId = setInterval(function(){
        checkBodyDone();
      }
      , $intern_19);
    }

    function installCode(code_0){
      var doc = getInstallLocationDoc();
      var docbody = doc.body;
      var script = doc.createElement($intern_20);
      script.language = $intern_21;
      script.src = code_0;
      if (AllDec.__errFn) {
        script.onerror = function(){
          AllDec.__errFn($intern_4, new Error($intern_22 + code_0));
        }
        ;
      }
      docbody.appendChild(script);
      sendStats($intern_23, $intern_24);
    }

    sendStats($intern_23, $intern_25);
    setupWaitForBodyLoad(function(){
      installCode(filename);
    }
    );
  }

  AllDec.__startLoadingFragment = function(fragmentFile){
    return computeUrlForResource(fragmentFile);
  }
  ;
  AllDec.__installRunAsyncCode = function(code_0){
    var doc = getInstallLocationDoc();
    var docbody = doc.body;
    var script = doc.createElement($intern_20);
    script.language = $intern_21;
    script.text = code_0;
    docbody.appendChild(script);
  }
  ;
  function processMetas(){
    var metaProps = {};
    var propertyErrorFunc;
    var onLoadErrorFunc;
    var metas = $doc.getElementsByTagName($intern_26);
    for (var i = $intern_7, n = metas.length; i < n; ++i) {
      var meta = metas[i], name_0 = meta.getAttribute($intern_27), content;
      if (name_0) {
        name_0 = name_0.replace($intern_28, $intern_15);
        if (name_0.indexOf($intern_29) >= $intern_7) {
          continue;
        }
        if (name_0 == $intern_30) {
          content = meta.getAttribute($intern_31);
          if (content) {
            var value_0, eq = content.indexOf($intern_32);
            if (eq >= $intern_7) {
              name_0 = content.substring($intern_7, eq);
              value_0 = content.substring(eq + $intern_8);
            }
             else {
              name_0 = content;
              value_0 = $intern_15;
            }
            metaProps[name_0] = value_0;
          }
        }
         else if (name_0 == $intern_33) {
          content = meta.getAttribute($intern_31);
          if (content) {
            try {
              propertyErrorFunc = eval(content);
            }
             catch (e) {
              alert($intern_34 + content + $intern_35);
            }
          }
        }
         else if (name_0 == $intern_36) {
          content = meta.getAttribute($intern_31);
          if (content) {
            try {
              onLoadErrorFunc = eval(content);
            }
             catch (e) {
              alert($intern_34 + content + $intern_37);
            }
          }
        }
      }
    }
    __gwt_getMetaProperty = function(name_0){
      var value_0 = metaProps[name_0];
      return value_0 == null?null:value_0;
    }
    ;
    __propertyErrorFunction = propertyErrorFunc;
    AllDec.__errFn = onLoadErrorFunc;
  }

  function computeScriptBase(){
    function getDirectoryOfFile(path){
      var hashIndex = path.lastIndexOf($intern_38);
      if (hashIndex == -1) {
        hashIndex = path.length;
      }
      var queryIndex = path.indexOf($intern_39);
      if (queryIndex == -1) {
        queryIndex = path.length;
      }
      var slashIndex = path.lastIndexOf($intern_40, Math.min(queryIndex, hashIndex));
      return slashIndex >= $intern_7?path.substring($intern_7, slashIndex + $intern_8):$intern_15;
    }

    function ensureAbsoluteUrl(url_0){
      if (url_0.match(/^\w+:\/\//)) {
      }
       else {
        var img = $doc.createElement($intern_41);
        img.src = url_0 + $intern_42;
        url_0 = getDirectoryOfFile(img.src);
      }
      return url_0;
    }

    function tryMetaTag(){
      var metaVal = __gwt_getMetaProperty($intern_43);
      if (metaVal != null) {
        return metaVal;
      }
      return $intern_15;
    }

    function tryNocacheJsTag(){
      var scriptTags = $doc.getElementsByTagName($intern_20);
      for (var i = $intern_7; i < scriptTags.length; ++i) {
        if (scriptTags[i].src.indexOf($intern_44) != -1) {
          return getDirectoryOfFile(scriptTags[i].src);
        }
      }
      return $intern_15;
    }

    function tryBaseTag(){
      var baseElements = $doc.getElementsByTagName($intern_45);
      if (baseElements.length > $intern_7) {
        return baseElements[baseElements.length - $intern_8].href;
      }
      return $intern_15;
    }

    function isLocationOk(){
      var loc = $doc.location;
      return loc.href == loc.protocol + $intern_46 + loc.host + loc.pathname + loc.search + loc.hash;
    }

    var tempBase = tryMetaTag();
    if (tempBase == $intern_15) {
      tempBase = tryNocacheJsTag();
    }
    if (tempBase == $intern_15) {
      tempBase = tryBaseTag();
    }
    if (tempBase == $intern_15 && isLocationOk()) {
      tempBase = getDirectoryOfFile($doc.location.href);
    }
    tempBase = ensureAbsoluteUrl(tempBase);
    return tempBase;
  }

  function computeUrlForResource(resource){
    if (resource.match(/^\//)) {
      return resource;
    }
    if (resource.match(/^[a-zA-Z]+:\/\//)) {
      return resource;
    }
    return AllDec.__moduleBase + resource;
  }

  function getCompiledCodeFilename(){
    var answers = [];
    var softPermutationId = $intern_7;
    function unflattenKeylistIntoAnswers(propValArray, value_0){
      var answer = answers;
      for (var i = $intern_7, n = propValArray.length - $intern_8; i < n; ++i) {
        answer = answer[propValArray[i]] || (answer[propValArray[i]] = []);
      }
      answer[propValArray[n]] = value_0;
    }

    var values = [];
    var providers = [];
    function computePropValue(propName){
      var value_0 = providers[propName](), allowedValuesMap = values[propName];
      if (value_0 in allowedValuesMap) {
        return value_0;
      }
      var allowedValuesList = [];
      for (var k in allowedValuesMap) {
        allowedValuesList[allowedValuesMap[k]] = k;
      }
      if (__propertyErrorFunction) {
        __propertyErrorFunction(propName, allowedValuesList, value_0);
      }
      throw null;
    }

    providers[$intern_47] = function(){
      var ua = navigator.userAgent.toLowerCase();
      var docMode = $doc.documentMode;
      if (function(){
        return ua.indexOf($intern_48) != -1;
      }
      ())
        return $intern_49;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_19 && docMode < $intern_51);
      }
      ())
        return $intern_52;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_53 && docMode < $intern_51);
      }
      ())
        return $intern_54;
      if (function(){
        return ua.indexOf($intern_50) != -1 && (docMode >= $intern_55 && docMode < $intern_51);
      }
      ())
        return $intern_56;
      if (function(){
        return ua.indexOf($intern_57) != -1 || docMode >= $intern_51;
      }
      ())
        return $intern_58;
      return $intern_15;
    }
    ;
    values[$intern_47] = {'gecko1_8':$intern_7, 'ie10':$intern_8, 'ie8':$intern_59, 'ie9':$intern_60, 'safari':$intern_61};
    __gwt_isKnownPropertyValue = function(propName, propValue){
      return propValue in values[propName];
    }
    ;
    AllDec.__getPropMap = function(){
      var result = {};
      for (var key in values) {
        if (values.hasOwnProperty(key)) {
          result[key] = computePropValue(key);
        }
      }
      return result;
    }
    ;
    AllDec.__computePropValue = computePropValue;
    $wnd.__gwt_activeModules[$intern_4].bindings = AllDec.__getPropMap;
    sendStats($intern_0, $intern_62);
    if (isHostedMode()) {
      return computeUrlForResource($intern_63);
    }
    var strongName;
    try {
      unflattenKeylistIntoAnswers([$intern_56], $intern_64);
      unflattenKeylistIntoAnswers([$intern_52], $intern_65);
      unflattenKeylistIntoAnswers([$intern_54], $intern_66);
      unflattenKeylistIntoAnswers([$intern_58], $intern_67);
      unflattenKeylistIntoAnswers([$intern_49], $intern_68);
      strongName = answers[computePropValue($intern_47)];
      var idx = strongName.indexOf($intern_69);
      if (idx != -1) {
        softPermutationId = parseInt(strongName.substring(idx + $intern_8), $intern_19);
        strongName = strongName.substring($intern_7, idx);
      }
    }
     catch (e) {
    }
    AllDec.__softPermutationId = softPermutationId;
    return computeUrlForResource(strongName + $intern_70);
  }

  function loadExternalStylesheets(){
    if (!$wnd.__gwt_stylesLoaded) {
      $wnd.__gwt_stylesLoaded = {};
    }
    function installOneStylesheet(stylesheetUrl){
      if (!__gwt_stylesLoaded[stylesheetUrl]) {
        var l = $doc.createElement($intern_71);
        l.setAttribute($intern_72, $intern_73);
        l.setAttribute($intern_74, computeUrlForResource(stylesheetUrl));
        $doc.getElementsByTagName($intern_75)[$intern_7].appendChild(l);
        __gwt_stylesLoaded[stylesheetUrl] = true;
      }
    }

    sendStats($intern_76, $intern_1);
    installOneStylesheet($intern_77);
    sendStats($intern_76, $intern_78);
  }

  processMetas();
  AllDec.__moduleBase = computeScriptBase();
  activeModules[$intern_4].moduleBase = AllDec.__moduleBase;
  var filename = getCompiledCodeFilename();
  if ($wnd) {
    var devModePermitted = !!($wnd.location.protocol == $intern_79 || $wnd.location.protocol == $intern_80);
    $wnd.__gwt_activeModules[$intern_4].canRedirect = devModePermitted;
    function supportsSessionStorage(){
      var key = $intern_81;
      try {
        $wnd.sessionStorage.setItem(key, key);
        $wnd.sessionStorage.removeItem(key);
        return true;
      }
       catch (e) {
        return false;
      }
    }

    if (devModePermitted && supportsSessionStorage()) {
      var devModeKey = $intern_82;
      var devModeUrl = $wnd.sessionStorage[devModeKey];
      if (!/^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?\/.*$/.test(devModeUrl)) {
        if (devModeUrl && (window.console && console.log)) {
          console.log($intern_83 + devModeUrl);
        }
        devModeUrl = $intern_15;
      }
      if (devModeUrl && !$wnd[devModeKey]) {
        $wnd[devModeKey] = true;
        $wnd[devModeKey + $intern_84] = computeScriptBase();
        var devModeScript = $doc.createElement($intern_20);
        devModeScript.src = devModeUrl;
        var head = $doc.getElementsByTagName($intern_75)[$intern_7];
        head.insertBefore(devModeScript, head.firstElementChild || head.children[$intern_7]);
        return false;
      }
    }
  }
  loadExternalStylesheets();
  sendStats($intern_0, $intern_78);
  installScript(filename);
  return true;
}

AllDec.succeeded = AllDec();

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/ae7bfc42-bf85-48cc-8371-d877127d82e8n%40googlegroups.com.