Its because of same origin policy enforced by browsers and not because of cross site scripting (which is an attack).
-- If you don't want to make your REST service JSONP compatible and you don't want to use CORS headers then you must make sure that your GWT app can access the REST service through the same domain/origin that the GWT app is served from. Usually you can do that by configuring a reverse proxy on http://gwt-domain.com that redirects your GWT server requests from http://gwt-domain.com/api/* to http://rest-backend.com/* or similar.
Such a proxy also gives you the freedom to move your backend to other locations without updating the GWT app itself. We use NGINX as such a proxy.
The only other alternative is that the GWT app makes requests to a servlet running on the host that serves the GWT app and that servlet then makes a request to the REST backend. So that servlet then also acts as a proxy. For example you could install such a servlet on http://gwt-domain.com/api/*
-- J.
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment