8

I've made a small gwt app and released it, but today I found a serious problem. I was aware of the same origin policy issue so I've put my gwt app and rest json app on the same server. But apparently browsers doesn't regard http://www.xyz.com and http://xyz.com as the same source so when a user lands on a www.xyz.com he can't get data from http://xyz.com.

This is the message:

XMLHttpRequest cannot load http://xyz.com/backend/... 
Origin http://www.xyz.com is not allowed by Access-Control-Allow-Origin.

What is the best way to deal with this? I've googled and first found .htaccess solution which doesn't work for tomcat. I ended up using a empty landing page index.html with only redirect to url without www in it. It's not the best solution because someone can still type in url with www which is not going to index page so it wont get redirected.

Any help will be appreciated.

Will Hartung
  • 115,893
  • 19
  • 128
  • 203
Nemanja Kovacevic
  • 3,510
  • 2
  • 30
  • 45

2 Answers2

10

You shouldn't use absolute URLs in your app unless absolutely necessary.

I.e. you should have "http://example.com" in your code if the app can be loaded from http://www.example.com.

For instance, if you want to load some data from, e.g. http://example.com/abc/def, then put "/abc/def" in your code, not "http://example.com/abc/def". That way, the browser will resolve the URL to either http://www.example.com/abc/def if the app has been loaded from http://www.example.com, or to http://example.com/abc/def if it's been loaded from http://example.com. And you never risk to hit the Same-Origin Policy.

Thomas Broyer
  • 64,353
  • 7
  • 91
  • 164
3

You should only host a website under a single sub/domain. All traffic to http://www.example.com should be redirected to http://example.com or vice versa.

abraham
  • 46,583
  • 10
  • 100
  • 152
  • this sounds good, can you point me in the right direction as how to achieve this? – Nemanja Kovacevic Feb 21 '12 at 01:44
  • It depends on your web server. I know nothing about tomcat but this question might help: http://stackoverflow.com/questions/1363605/tomcat-base-url-redirection – abraham Feb 21 '12 at 04:53
  • Thank you for your effort. I've seen the question you mention when I was trying to find a solution before posting a question, it's not the same problem as here. – Nemanja Kovacevic Feb 21 '12 at 13:44