SOLVED - AJAX email sending works for HTML5 website export but not APK - any ideas?

Hi guys,

As the title says, I have built an app in Construct2 and part of the functionality sends an email via javascript and the AJAX object.

This works perfectly on my phone when I export it as an HTML5 website, but when I export it as a debug APK (using Cordova) the email sending does not work, but the rest of the app does - any ideas, am I missing something obvious?

I have used code snippets that people have posted as examples and as I say it works when running as a site.

This used to work when building the APK via Cocoon.io but since they are no longer providing that service I have switched to Cordova and it no longer works.

The javascript that gathers the data from controls in the app is as follows:-

"document.getElementById(""myText2"").select();document.execCommand('copy');"

and the AJAX commands are:-

Send

Tag: "Email"

URL: "http://www.myurl.com/c2mail.php"

Data: "subject="&Subject&"&message="&message&"&email_to="&email_to

Method: "post"

Request

Tag: "sent"

URL: "http://www.myurl.com/c2mail.php"

Contents of c2mail.php

<?php

$to = $_POST['email_to'];

$subject = $_POST['subject'];

$message = $_POST['message'];

$headers ='From: fromhpx@email.com' . "\r\n" .

'Reply-To: fromhpx@email.com' . "\r\n" .

'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

echo "Message sent at ";

echo date ("h:i:s");

?>

My device is Android 9 - I am wondering if this is something to do with it, I wonder if it requires an SSL cert on the URL domain?

Does anyone have any ideas?

Thanks in advance!

It's probably CORS (i.e. cross-domain requests). Also some platforms now block insecure HTTP completely - you really should be using secure HTTPS for everything these days. Mobile apps may also need extra configuration to whitelist which domains it's allowed to communicate with.

Thanks Ashley, it WAS the platform (Android 9) blocking HTTP.

As this is only an app/website I use personally I decided to fix it by adding the following line to the AndroidManifest.xml file:-

android:usesCleartextTraffic="true"

This allows HTTP requests, not ideal for everyone but works for me so including here as a possible solution.

Thanks for your help though as it pointed me in the right direction,

Cheers,

Jason.

For the record, SSL is easy to get on websites nowadays via LetsEncrypt - there's no real excuse for HTTP in 2019

I think both Android and iOS are slowly moving towards blocking insecure HTTP completely with no configuration options to side-step it. The current situation is probably a stepping stone to that point. So I'd recommend just using HTTPS as a future-proof solution - using the configuration may break again in a future version of Android since they're motivated to remove it.

For the record, SSL is easy to get on websites nowadays via LetsEncrypt - there's no real excuse for HTTP in 2019

Hi Elliot, I tried LetsEncrypt but my hosting provider doesn't allow 3rd party SSL certs and want to charge me £50 for the privilege of using theirs. Unfortunately I paid in advance for the hosting so don't want to move to a new hosting company until this ends - so that's the excuse for me. :)

As I mentioned this is a service used solely by me, there is no sensitive data, so for me it works - that said as soon as my current contract expires I will be moving to one of the LetsEncrypt preferred hosting partners.

Thanks guys!