Disable SOP for GWT Learnings

Submitted by prhodes on Wed, 07/14/2010 - 19:35

What I have just learned is that I have been implementing all communication with my server using JSONPRequestBuilder in order to deal with SOP (Same Origin Policy) for no need. I could be just using RequestBuilder.

This is because in GWT development, I was trying to communicate from my GWT application to a Tomcat server running locally on a different port. For whatever reason, I thought in a Development environment would be "more restrictive" than a production environment, but alas, I did not understand that whenever I would deploy my GWT application, I would either be download the GWT code from the same server that the GWT client would be communicating with, or running GWT application from the filesystem.

In the GWT documentation, it states that even when running from the filesystem, the SOP policy is still in effect, but this is not the case when you are running from the filesystem using a WEBKIT base browser. If you are running from the filesystem using a WEBKIT browser (i.e. safari), the SOP policy is disabled.

Because phonegap is leveraging Webkit based browsers (at least for android and iphone), I do not have to worry about the SOP policy for my applications and happily use RequestBuilder.

Firefox, which is not Webkit based, does implement the SOP policy, so whether I am running my compile GWT application from the filesystem, or using the GWT browser, it will only allow communication to the server that invoked it.

That said, on windows, firefox is the browser that I debug/run/test my GWT applications with. How can I disabled SOP for firefox in the development environment. I found this: http://code.google.com/webtoolkit/doc/1.6/FAQ_DebuggingAndCompiling.html... Basically, I could change my server to run GWT. I didn't want to do this. I still needed to compile my GWT application, and I was concerned about the realtime debugging. This didn't feel right to me.

Many google searches later, I did not find an easy answer for this. I found various scripts that would try to enable privileges or folks that modifyed prefs.js Even found someone had re-compiled firefox! Ouch, not for me.

In the end, what I did was configure my Apache running in my trusty XAMP console to be a reverse proxy. I admit that I found references to Apache reverse proxy as a solution to the SOP policy, I ignored these because I thought that I would be runnign from the file system, in which case a reverse proxy wouldn't help me. But now, I have discovered that it's only my development environment that "needed fixed"


#This is my grails app
<Location /georepo>
   ProxyPass http://localhost:8080/georepo
   ProxyPassReverse http://localhost:8080/georepo
</Location>

#This is the GWT service
<Location /gwt>
   ProxyPass http://localhost:8888
   ProxyPassReverse http://localhost:8888
</Location>




One last point, make sure you use the FULL url to your GWT app while developing. While http://localhost/gwt will bring up your application, it's not quite right. I found by using the http://localhost/gwt/MyWebApp.html?gwt.codesvr=127.0.0.1:9997 URL, things behaved much better

 


Comments

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options