Tuesday, June 23, 2015

Re: Gwt with Rest Architecture problem

About CORS:
You don't need to add anything to your REST headers. Tomcat can handle it for you assuming that the url of the gwt application is known to the the tomcat serving the REST backend. See https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

    Vassilis

On Tue, Jun 23, 2015 at 2:55 PM, Jens <jens.nehlmeier@gmail.com> wrote:
Its because of same origin policy enforced by browsers and not because of cross site scripting (which is an attack).

If you don't want to make your REST service JSONP compatible and you don't want to use CORS headers then you must make sure that your GWT app can access the REST service through the same domain/origin that the GWT app is served from. Usually you can do that by configuring a reverse proxy on http://gwt-domain.com that redirects your GWT server requests from http://gwt-domain.com/api/* to http://rest-backend.com/* or similar.

Such a proxy also gives you the freedom to move your backend to other locations without updating the GWT app itself. We use NGINX as such a proxy.

The only other alternative is that the GWT app makes requests to a servlet running on the host that serves the GWT app and that servlet then makes a request to the REST backend. So that servlet then also acts as a proxy. For example you could install such a servlet on http://gwt-domain.com/api/*

-- J.

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.



--
Vassilis Virvilis

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment