Construct 3 AJAX Crossdomain help

  • Hello.

    I have an app in dev, it uses mysql database im making calls and requests with ajax.

    If i test the app in construct 3 play app local browser, the ajax calls doesent work the app do not send any requests to server, if i export the app for mobile on one of my devices works ok ajax calls are made ajax last data is ok but on other device that i have it doesent work its the same as on local browser preview project why on some devices ajax works and on some doesent

    Allow cross domain * is set on the server with the database

    Tagged:

  • Just posted this reply elsewhere. See if this fixes it:

    construct.net/en/forum/construct-3/general-discussion-7/ajax-changed-recently-not-140404

  • Just posted this reply elsewhere. See if this fixes it:

    https://www.construct.net/en/forum/construct-3/general-discussion-7/ajax-changed-recently-not-140404#forumPost975309

    Well.. I have Access-Control-Allow-Origin: "*" set on my server. My problem is from local browser preview.construct.net ajax is not working and from one of my devices samsung J6+ not working. On this 2 cases AJAX error triggers but i cant see what error. Ajax.LastData is empty

    I have another device samsug J5 and Samsung note 8 and is working on them

    Dont care now about allow origin from * is a big security issue im in dev mode right now.

    I cant see the patern here... im trying to make the app to work on most of mobile phones

    Maybe im missing something?

    Sorry for my bad english.

  • Your English is just fine.

    Yea, it's pretty annoying not to see what the actual AJAX error is.

    If you read further down that post above there's some code to log incoming requests to file so you can actually see if the AJAX requests are coming through. That would be my first test to see if the various devices are even making the requests and if they are, do they have an origin.

  • Your English is just fine.

    Yea, it's pretty annoying not to see what the actual AJAX error is.

    If you read further down that post above there's some code to log incoming requests to file so you can actually see if the AJAX requests are coming through. That would be my first test to see if the various devices are even making the requests and if they are, do they have an origin.

    Did that.

    When i try the app from my J5 my ip logs in httporigin.log but when i try from construct 3 browser or J6+ nothing is writen in httporigin.log

    Its like something from construct 3 host (or my local browser) and from samsung J6+ browser is blocking the AJAX action this is the only reason i think, but what and how can i solve this problem?

    :(

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Ok, that's a start.

    If you see an IP in the httporigin.log then that means that it's being called from somewhere outside of your domain and I'd be surprised if it gave a response. What you should see is something like this:

    preview.construct.net

    mydomain.com

    My next question. Do you have an HTTPS certificate on the site you're trying to access?

  • And this brings up another question. If you're accessing it from the phone's browser, which browser are you using? The Samsung browser or Chrome?

  • And this brings up another question. If you're accessing it from the phone's browser, which browser are you using? The Samsung browser or Chrome?

    Well on my PC im using chrome and on the mobile devices chrome as well

    What i see in the httporigin.log right now is 79.118.33.7 witch is my provider ip atm, and this is writen when i access Myapp from J5.

    If i access it from Construct browser or J6+ nothing is added in httporigin.log (im clearing text from httporigin.log every try i make a AJAX call)

    I do not have HTTPS certificate on the server. Maybe this is a problem?

  • I do not have HTTPS certificate on the server. Maybe this is a problem?

    That is almost definitely the problem.

    I'm going to venture a guess that the J5 is using an older version of Chrome that allowed you to access non secure sites but it doesn't give the http origin as a security measure, which would normally get blocked by AJAX being off-site. That's most likely is why you're seeing it's IP and not an origin. You may have been allowed to run your previous script as it allowed any site to run it. My script only allows specific sites to access it so it would have failed to run.

    The J6 and the desktop are using newer versions of Chrome which are simply refusing to let you go from a secure site (https://preview.construct.net) to your insecure site (http://www.mysite.com) which is why they're not even attempting to make the AJAX call.

    It's the same problem the other guy was having in the post I linked to: trying to make an AJAX call to a http site.

  • > I do not have HTTPS certificate on the server. Maybe this is a problem?

    That is almost definitely the problem.

    I'm going to venture a guess that the J5 is using an older version of Chrome that allowed you to access non secure sites but it doesn't give the http origin as a security measure, which would normally get blocked by AJAX being off-site. That's most likely is why you're seeing it's IP and not an origin. You may have been allowed to run your previous script as it allowed any site to run it. My script only allows specific sites to access it so it would have failed to run.

    The J6 and the desktop are using newer versions of Chrome which are simply refusing to let you go from a secure site (https://preview.construct.net) to your insecure site (http://www.mysite.com) which is why they're not even attempting to make the AJAX call.

    It's the same problem the other guy was having in the post I linked to: trying to make an AJAX call to a http site.

    Nice! So HTTP is not supported from most of the browsers from computers and mobiles, HTTPS works well, tested now. Thank you very much for your help!

  • Found it.

    This kinda explains it. It's called 'mixed content'

    developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content

    It's not that it isn't supported, it's a security hole for HTTPS. When you go from a HTTPS site and make a request to a HTTP site, it falls under the 'mixed content' and gets blocked.

    If you made the AJAX call from an HTTP site to another HTTP site, it would likely have gone through without issue. It was the call from HTTPS to HTTP that caused the problem.

    preview.construct.net is an HTTPS site.

  • Found it.

    This kinda explains it. It's called 'mixed content'

    https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content

    It's not that it isn't supported, it's a security hole for HTTPS. When you go from a HTTPS site and make a request to a HTTP site, it falls under the 'mixed content' and gets blocked.

    If you made the AJAX call from an HTTP site to another HTTP site, it would likely have gone through without issue. It was the call from HTTPS to HTTP that caused the problem.

    preview.construct.net is an HTTPS site.

    THANK YOU Fengist!

    For me now things seems to be less foggy, thanks to your help.

    (Ajax) HTTP -> (Ajax) HTTPS = No problems

    (Ajax) HTTPS -> (Ajax) HTTP = Headaches :))

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)