January 21, 2021, 05:51:41 AM

Author Topic: Technical question - cross origin requests  (Read 188 times)

Offline Matty

  • Hero Member
  • *****
  • Posts: 1339
    • MattiesGames
Technical question - cross origin requests
« on: September 18, 2020, 04:14:35 PM »
Good Day.

I've known for a while that browsers are designed to not accept http responses from cross origin xmlhttprequest commands in Javascript.

Eg site A has php file called myform.php

Websites with same domain as site A may request myform.php but website B on site B may not receive a response from myform.php in most browsers because the domains are different.

CORS policy prevents this.

There is a header however that site A myform.php can include called 'Allow Cross Origin Requests: (from specific sites)'

Now my confusion is this:

This restriction is browser level.  So a file that makes a http request in code not a browser such as in an Android app, a Windows executable, a curl request does not have this restriction.  That's fine.

But what I've discovered is that in Chrome on my tablet device the restriction is ignored.  But on chrome on my desktop it is not.

So, eg, my game is hosted on a portal's site on a different server.  It makes a http request to a hiscore.php file on my server.  If the game is accessed through my browser on my own website no problem.  If hosted on another site and accessed through a browser it should deny the request for high scores.

Now...weirdly-this is correct and normal, except:On my desktop this behaviour is standard and correct.  On my tablet my game hosted elsewhere CAN see the high score table.

I eat cheese in the trees when its eight degrees

Offline Derron

  • Hero Member
  • *****
  • Posts: 3332
Re: Technical question - cross origin requests
« Reply #1 on: September 18, 2020, 07:00:07 PM »

According to this it should work .... (as your API surely does allow cross origin requests...)



SimplePortal 2.3.6 © 2008-2014, SimplePortal