Set the Access-Control-Allow-Origin

0 favourites
  • 9 posts
From the Asset Store
10 Beautiful Pokemon-like Building Pixel Art Sprite Sets
  • Okay, so I read the manual and various posts but I still don't understand where this needs to go:

    Does it go at the start of my index.htl file on the server?

    If so do i need to rename that to index.php?

    Do i make a new php file on my server?

    ...or something else?

    All the forum answers say I need to use this but none seem to say where it needs to go. Where does it go ?!?

    Please help.

    Thanks

  • I have tried adding the following to the index.html file before all other code..

    <?php
    header('Access-Control-Allow-Origin: *'); 
    ?>[/code:kwcmccz0]
    
    ..but this didn't work.
    Any ideas? Really stuck!
    Thanks
  • https://enable-cors.org/index.html

    Also be aware https may play a role.

  • Nope, I tried putting it on a secure https server but I get the same error..

    Fetch API cannot load https://api.myapi.com/v2/licenses/verify/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mysite.com' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.[/code:33wwskm1]
    
    Also Ive tried setting the request header itself in Construct before the request gets made...but that still gives me the error.
    
    What exactly am I doing wrong here?
  • Is the name of your site "https://mysite.com"?

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • CORS needs to be set up on the server you are requesting data from, not from the construct app or the domain hosting the construct app. It is set in the hosting server's configuration files.

  • [quote:3rz3jtce]CORS needs to be set up on the server you are requesting data from, not from the construct app or the domain hosting the construct app. It is set in the hosting server's configuration files.

    Are you sure? Because when I disable cors locally on my browser, the data gets retrieved from the source successfully. This would indicate that the data provider is sending the message anyway and its my construct hosted server that is not able to receive it (or send the request) correctly.

    [quote:3rz3jtce]Is the name of your site "https://mysite.com"?

    no. but I put that there as an example

  • Even if you send a no-cors request, an opaque response cannot be read or accessed by JavaScript.

    This is normal behavior, basically one use case is to prevent hot-linking to resources that are not yours (stealing bandwidth). Either you have access to the server/domain where the resource is hosted and configure it to allow cors, or you'll need a copy of the resource on the same domain as your game/app so then cors is not necessary at all.

  • So in the end I just needed a php file on my server with the 'allow control header' AND the actual request in the same php file.

    Steps...

    -I put a php file which included the header('Access-Control-Allow-Origin: *'); AND a REST request to the api in question. (So the main difference being that PHP makes the api request NOT C2)

    -This php also spits out the result of the call with echo.

    -I used c2 to call the php file using an axaj POST request

    -C2 then receives the request data using LastData

    All works a charm when uploaded to the server. Hoorah!

    EDIT: I actually REMOVED Access-Control-Allow-Origin: from my PHP file and it all still worked, so presumably the apis that I'm trying to access already have this set at their end.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)