Home/ Questions/Q 7546249
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T09:09:00+00:00

I’ve made a small gwt app and released it, but today I found a

  • 0

I’ve made a small gwt app and released it, but today I found a serious problem. I was aware of the same origin policy issue so I’ve put my gwt app and rest json app on the same server. But apparently browsers doesn’t regard http://www.xyz.com and http://xyz.com as the same source so when a user lands on a http://www.xyz.com he can’t get data from http://xyz.com.

This is the message:

XMLHttpRequest cannot load http://xyz.com/backend/... 
Origin http://www.xyz.com is not allowed by Access-Control-Allow-Origin.

What is the best way to deal with this? I’ve googled and first found .htaccess solution which doesn’t work for tomcat. I ended up using a empty landing page index.html with only redirect to url without www in it. It’s not the best solution because someone can still type in url with www which is not going to index page so it wont get redirected.

Any help will be appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You shouldn’t use absolute URLs in your app unless absolutely necessary.

    I.e. you should have “http://example.com” in your code if the app can be loaded from http://www.example.com.

    For instance, if you want to load some data from, e.g. http://example.com/abc/def, then put "/abc/def" in your code, not "http://example.com/abc/def". That way, the browser will resolve the URL to either http://www.example.com/abc/def if the app has been loaded from http://www.example.com, or to http://example.com/abc/def if it’s been loaded from http://example.com. And you never risk to hit the Same-Origin Policy.

    • 0