ArcBees / gwtquery

A jQuery clone for GWT, and much more.
MIT License

Problem with cross domain GET (CORS) in 1.4.1-SNAPSHOT #261

Closed tienhm closed 10 years ago

tienhm commented 10 years ago

To make a cross domain GET request to an external http server using CORS, I used the following pattern:

    GQuery.ajax(Ajax.createSettings()
        .setUrl(crossDomainUrl)
        .setType("GET")
        .setDataType("text/html")
        .setTimeout(timeout)
        .setSuccess(new Function() { public void f() { ... } })
        .setError(new Function() { .... }));

The pattern works with GWTQuery 1.3.3. But with 1.4.1 snapshot

manolo commented 10 years ago

Could you provide that 'crossDomainUrl' so that we can test with the same page?

tienhm commented 10 years ago

I ran it with a localhost HTTP server, but you may try with http://www.wikipedia.org; GQuery falls into the same situation.

manolo commented 10 years ago

It is a CORS problem: you cannot request a URL outside the domain you downloaded your GWT application from unless you configure the target URL to support CORS for your domain.

Of course, http://www.wikipedia.org is not authorizing your CORS request and it fails, as your crossDomainUrl is probably doing.

Read this document about how to deal with CORS in gQuery (getJSONP and CORS sections).

tienhm commented 10 years ago

Oh, sorry, I was in too much of a hurry and gave out an example site with such huge ignorance. In fact, my local server always returns Access-Control-Allow-Origin: * in its response header. And as I mentioned, it works with 1.3.3 until I decided to upgrade to 1.4.1 (to fix the JSON name annotation issue). For a precise example, I heard that Flickr supports CORS but have not yet tested it; I'll have a look and contact you later with the correct end point.

jDramaix commented 10 years ago

I think I found the problem. Since the last version, GQuery sets the property withCredentials of the xmlHttpRequest to true by default:

(line 127 from PromiseReqBuilder)

    // Using gQuery to set credentials since this method was added in 2.5.1
    // xmlHttpRequest.setWithCredentials(true);
    JsUtils.prop(xmlHttpRequest, "withCredentials", true);

We cannot do that because it implies that the server has to return the header Access-Control-Allow-Credentials: true

But forcing this header means that you cannot use Access-Control-Allow-Origin: *

The best is to add a setting withCredentials in the Settings object and, only when the setting is set to true, call the code:

    JsUtils.prop(xmlHttpRequest, "withCredentials", true);
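The interaction described in the comment above, as an added example that is not part of the thread or of gQuery's code: a simplified model of the check a browser applies to a cross-origin response, plus a server-side helper for the credentialed case. The function names, the origin and the sample headers are constructed for illustration.

```javascript
// Simplified model of the CORS check a browser applies to the response of a
// cross-origin XMLHttpRequest (after the Fetch Standard's "CORS check").
function corsCheck(requestOrigin, withCredentials, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value.trim(); // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  }
  // The wildcard is honoured only for requests sent without credentials.
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard, no credentials" };
  }
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === "*"
      ? "wildcard rejected because withCredentials is true"
      : "origin mismatch";
    return { allowed: false, reason };
  }
  if (!withCredentials) {
    return { allowed: true, reason: "origin match, no credentials" };
  }
  // Credentialed requests also need the literal, case-sensitive value "true".
  if (h["access-control-allow-credentials"] === "true") {
    return { allowed: true, reason: "origin match, credentials allowed" };
  }
  return { allowed: false, reason: "missing Access-Control-Allow-Credentials: true" };
}

// Server side: headers for a credentialed response. The origin is echoed only
// when it is on an explicit allowlist, never reflected blindly.
function credentialedCorsHeaders(requestOrigin, allowlist) {
  if (!allowlist.includes(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Constructed sample values (not taken from the thread).
const APP_ORIGIN = "http://localhost:8888";
const WILDCARD_RESPONSE = { "Access-Control-Allow-Origin": "*" };
console.log(corsCheck(APP_ORIGIN, false, WILDCARD_RESPONSE)); // withCredentials off
console.log(corsCheck(APP_ORIGIN, true, WILDCARD_RESPONSE));  // withCredentials forced on
```

The same wildcard response is accepted when withCredentials is off and rejected when it is on, which is why making the flag an opt-in setting keeps Access-Control-Allow-Origin: * servers working.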

jDramaix commented 10 years ago

This is a blocking issue, I think, and we should release a bug fix release once this issue is fixed.

tienhm commented 10 years ago

+1 for Julien's idea.

Btw, I found a cors-test service at http://cors-test.appspot.com/test

It is OK with GQuery 1.4.1 since the access-control-allow-credentials: true is returned in the response header.

jDramaix commented 10 years ago

Manolo, did you merge your fix into master?

jDramaix commented 10 years ago

OK, the fix is part of the following PR: https://github.com/gwtquery/gwtquery/pull/264

Not merged yet.

manolo commented 10 years ago

merged, and fixed.