General Category > General Game and Application Development

Technical question - cross origin requests


Good Day.

I've known for a while that browsers are designed to not accept http responses from cross origin xmlhttprequest commands in Javascript.

Eg site A has php file called myform.php

Websites with same domain as site A may request myform.php but website B on site B may not receive a response from myform.php in most browsers because the domains are different.

CORS policy prevents this.

There is a header however that site A myform.php can include called 'Allow Cross Origin Requests: (from specific sites)'

Now my confusion is this:

This restriction is browser level.  So a file that makes a http request in code not a browser such as in an Android app, a Windows executable, a curl request does not have this restriction.  That's fine.

But what I've discovered is that in Chrome on my tablet device the restriction is ignored.  But on chrome on my desktop it is not.

So, eg, my game is hosted on a portal's site on a different server.  It makes a http request to a hiscore.php file on my server.  If the game is accessed through my browser on my own website no problem.  If hosted on another site and accessed through a browser it should deny the request for high scores.

Now...weirdly-this is correct and normal, except:On my desktop this behaviour is standard and correct.  On my tablet my game hosted elsewhere CAN see the high score table.



According to this it should work .... (as your API surely does allow cross origin requests...)



[0] Message Index

Go to full version