-1

There are a lot of questions on this subject, but I still can't seem to resolve my issue.

I have a game that I'm trying to get working with HTML 5 in Chrome. Link here.

The game is written using libgdx and I'm posting json data from my app engine hosted back end. I've done quite a bit of reading and I think I understand the issue with cross domain access, I also think I understand how to resolve it but can't.

The full error is

XMLHttpRequest cannot load http://1-1-51.wordbuzzweb.appspot.com/Login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://wordbuzzhtml5.appspot.com' is therefore not allowed access.

As you can see, this says No 'Access-Control-Allow-Origin' header is present on the requested resource.. But if I look at the headers for the requested resource, they are as follows.

Date: Thu, 18 Jun 2015 21:59:34 GMT
Content-Encoding: gzip
Server: Google Frontend
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Alternate-Protocol: 80:quic,p=0
Cache-Control: private
Access-Control-Allow-Headers: Content-Type
Content-Length: 127

As you can see, there is an Access-Control-Allow-Origin header included.

If someone could please tell me what I'm doing wrong, that'd be appreciated.

The request header is as follows using the POST method.

Host: 192.168.254.1:8081
Pragma: no-cache
Cache-Control: no-cache
Origin: http://localhost:8080/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.52 Safari/537.36
Accept: */*
Referer: http://localhost:8080/html/
Accept-Language: en-GB,en;q=0.8
Content-Length: 25
Content-Type: application/json
Will Calderwood
  • 4,393
  • 3
  • 39
  • 64
  • Can you show the request headers instead? including the method used? – Kevin B Jun 18 '15 at 22:11
  • @KevinB Request header added. One thing I don't understand is how the client get's the headers, as it's not hitting my app engine code that adds them. In that, I guess is where the problem might lie. – Will Calderwood Jun 19 '15 at 08:01
  • Request headers come from the client, not the server. ;) – Kevin B Jun 19 '15 at 08:02
  • @KevinB Sorry, I wasn't clear with that comment! Yes, I mean I don't understand how the client receives the Access-Control-Allow-Origin as that comes from the server, but it doesn't hit my server code that adds the header when the client makes a request from the browser. – Will Calderwood Jun 19 '15 at 08:06
  • 1
    I'll check back in the morn, time for sleep. Check your network tab, my guess is the client is actually sending an options request. – Kevin B Jun 19 '15 at 08:06
  • @KevinB You'd lead my thought processes in that direction too. I added code for every request type as it was indeed making an options request. Does it make the options request first, then do the post afterwards? Feel free to post the explanation as as answer and I'll accept. Thanks. – Will Calderwood Jun 19 '15 at 08:15
  • @KevinB As you're clearly a genius, are you able to help with my next cross domain issue? http://stackoverflow.com/questions/30945945/tainted-canvases-may-not-be-loaded-cross-domain-issue – Will Calderwood Jun 19 '15 at 21:31
  • I unfortunately have no experience when it comes to webgl canvases or any of that, i'm more of a backend developer that knows enough front-end to work through problems. :) – Kevin B Jun 19 '15 at 21:35

1 Answers1

2

Since you are getting some headers back in the response, that's a good indication that the request IS reaching the server, however, the fact that it isn't hitting your server route points to the problem being the request being made doesn't match any of your routes. The request is likely an OPTIONS request rather than a POST request, which commonly happens when you make a CORS request from the browser that isn't a "simple request".

The solution would be to either make it a "simple request", or to have your server respond to OPTIONS requests. It's far easier to just make your server respond to OPTIONS requests, because sometimes even "simple requests" still send OPTIONS requests.

Kevin B
  • 94,570
  • 16
  • 163
  • 180
  • I can confirm, once I discovered the networking tab in Chrome, there were two lines for that URL. First the OPTIONS request, and then the POST request. Thanks. – Will Calderwood Jun 19 '15 at 21:37