Skip to content
This repository has been archived by the owner on Dec 11, 2017. It is now read-only.

Problem using gwt-voices when using xs linker and placing script and html in defferent domains #11

Open
GoogleCodeExporter opened this issue Mar 13, 2015 · 1 comment

Comments

@GoogleCodeExporter
Copy link

What version of GWT are you using? 1.3.3? 1.4.61? Other?
1.5.3

What version of the gwt-voices jar file or library file are you using?
1.5.5

What operating system(s) are you using? Windows? Linux? Mac?
Windows

Do you have Flash installed? If so, what version does your browser show on
this page: http://www.macromedia.com/software/flash/about/
10,0,12,36 

Does the issue occur in web mode, hosted mode, both or don't know?
both

What browser(s) do you use? Firefox, IE, Safari, other?
FF, IE, Chrome

What is the browser version (if you know) from Help->About?

What steps will reproduce the problem? Please attach sample code if you can.
1. compiler custom project with <add-linker name="xs" /> in example.gwt.xml
2. place compiled scripts on server foo1.com
3. in index.html include <script> with to absulute path to "foo1.com",
i.e.: http://foo1.com/example.nocache.js
4. copy index.html to "foo2.com"

What is the expected output? What do you see instead?
Expected behavior should be the same as if index.html was located on foo1.com

Do you have a workaround?
yes. Two steps are needed:
1. add "allowScriptAccess" param to <object> and set it to always
2. change gwt-voices.as to call Security.allowDomain("*");

Patch with described changes is included. 
However I'm aware of the fact, that enabling all domains via "*" wild card
is not secure. And it's also the case for "allowScriptAccess" parameter.
I needed this modification and for everyone having the same problem the
patch might be useful. 
Also compiled version of gwt-voices.swf witch applied change is included.

Original issue reported on code.google.com by [email protected] on 26 Jan 2009 at 10:43

Attachments:

@GoogleCodeExporter
Copy link
Author

Couple of solutions (both requiring modification to source code):
1. Make the allowed domain a .gwt.xml configuration parameter so that that 
instead of 
'*' (=any domain), only the specified domain would be granted access.
2. Provide a method in the API to set the authorized domain

Original comment by [email protected] on 2 Jan 2010 at 4:47

  • Changed state: Accepted

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant