AJAX changed recently? Does not load textfile anymore

Hi. My old project loads a text to display news and works fine but my new project does not load the file from my server. Is it possible to get a more detailed error message for Ajax actions? On error triggers but what's the error?

I checked that the server has the proper.htaccess with allow origin * like for my old c2 project. I uploaded it as utf8 and ANSI file and checked chmod etc but I can't figure out why it does not load the textfile (just 1 line of text). Any ideas? 🤔 It's hosted on a 1&1 Server.

have you got a secure server Https ?

Thank you very much! totally forgot this, did not use ajax for some time. Exported NW.js worked, hope its the same for Win10 UWP and Android.

but I just got my included ssl certificate and should be able to use SSL in the future for my apps. :)

in order to bypass the ssl thing just type your adress without http in front... like

First of all, the

Access-Control-Allow-Origin: *

is a huge security hole. It means, anyone, anywhere can run that php file and can Post, Get, do whatever they wish to it. The whole point of CORS and AJAX is to limit who can call it and what they can do.

Try this code instead:

error_reporting(-1); // reports all errors
ini_set("display_errors", "1"); // shows all errors

if (isset($_SERVER['HTTP_ORIGIN'])){
 $http_origin = $_SERVER['HTTP_ORIGIN'];
}
else
{
 die();
}

header('Access-Control-Allow-Methods: "POST"');

if ($http_origin == "https://preview.construct.net" || $http_origin == "https://www.mysite.com") {
 header("Access-Control-Allow-Origin: $http_origin");
}

include "header.php"

Oh, and once you have it all running and working, delete the two lines of error reporting...

Thanks. I got a SSL cert but could not install it on my 1&1 Server yet. The instructions they linked were confusing and the config files mentioned were not there. Still trying to figure it out.

Right now I only use the AJAX plugin to load text files from my server to load news headlines or other information text. But I want to use PHP for some MySQL actios soon. (get data from DB or post data)

I will take a closer look at your instructions and try to implement it.

But I dont understand why it seems to work fine on the other project. Its http://, same server, same .htaccess, both load a text file. Its just one line On Start of Layout > Get from URL and then using the returned string to display as text or this time I tried json data for loading a save state.

Right, I believe it's like I said. I seem to recall reading recently that the C3 AJAX specifically looks for the HTTPS, something I don't think C2 did.

I know if I change the URL's in that script above to http that it won't work.

And here's a little trick you can use to see if the AJAX call is actually going through

replace

if (isset($_SERVER['HTTP_ORIGIN'])){
 $http_origin = $_SERVER['HTTP_ORIGIN'];
}
else
{
 die();
}

$myfile = fopen("httporigin.log", "a") or die();

if (isset($_SERVER['HTTP_ORIGIN'])){
 $http_origin = $_SERVER['HTTP_ORIGIN'];
 fwrite($myfile, $http_origin."\n");
 fclose($myfile);
}
else
{
 fwrite($myfile, $_SERVER['REMOTE_ADDR']."\n");
 fclose($myfile);
 die();
}

My response to the same problem from another guy:

construct.net/en/forum/construct-3/general-discussion-7/construct-ajax-crossdomain-144008