Ajax call with more settings

Hello,
I have an old app made with NSB v5.2.1.3 that I have migrated to a new server running NGINX.
The Ajax call is no longer able to initiate the HTTP request with the PHP script on the server to get data from the database: all the attempts are blocked with a “CORS Missing Allow Origin”, even if we have the header defined in the PHP scripts.
We have made several attempts at fine-tuning the NGINX server settings without success.
We believe we need to modify the HTTPrequest made by the Ajax call adding some settings like:
crossDomain: true, datatype: jsonp
and make further tests.
How can we do that in BASIC with the Ajax() call?
Thanks
Pietro

Hi Pietro,

A lot has happened since 2015, when AppStudio 5 was out. There have been many changes to how the internet handles security. We’ve kept AppStudio up to date with these changes in our new releases. The current version is 8.5.

One of the changes was to the certificates the internet uses to authenticate websites. Since we are no longer updating Version 5, it does not have the ability to do this.

You’re likely to have other issues beyond this as well. You’re probably best off if you update AppStudio, and update your app so it is compliant with current web standards.

Let me know if you have questions.

"all the attempts are blocked with a “CORS Missing Allow Origin”, even if we have the header defined in the PHP scripts."

I was getting these same errors. I never was able to figure out how to correctly use CORS. I solved it by adding these as the first 2 lines in my server .php file:

header('Access-Control-Allow-Origin: *');
header("Content-type: text/plain; charset=UTF-8");

I know it is not good because it bypasses CORS, but it is the only way I found to solve my problems … I needed the data!

Paul

Thank you Paul, but it did not work in my case; I just tried without success.
Like George says, I will give it a try with version 8.5.
Pietro

I have a header.class.php file that I include with my mobile app interfaces that looks like this:

<?php
// ini_set('display_errors', 'On');
// error_reporting(E_ALL | E_STRICT);

// this checks the HTTP_ORIGIN header and, depending on the device, it sends back
// the correct response

// the purpose is to offer some level of security against hackers trying to use 
// the raw API (this can be updated to verify and exchange tokens) 
class Headers
{
  public $http_origin = "";
  public $authorized = false;
  public $apiLevel = 1;
 
  function __construct()
  {
     $this->getHTTPOrigin(); 
  }
  
  public function sendHeaders($strType)
  {
    header('Access-Control-Allow-Origin: ' .$this->http_origin);   
    // error_log("HTTP_ORIGIN: $this->http_origin");

    switch($strType)
    {
      case "json":
        header('Content-type: application/json');
        // error_log("content-type: " .$strType);
        break;

      case "jpeg":
        header('Content-type: image/jpeg'); 
        break;
        
      case "png":
        header('Content-type: image/png');
        break;
      
      case "text":
        header('Content-type: text/plain');
        break;

      case "html":
        header('Content-type: text/html');
        break;
        
      default:
        break;       // do nothing
    }  
  }
  
  // figure out the allowed origin response
  public function getHTTPOrigin()
  {
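    // see what the browser is telling us.
    // the Origin header is absent on some requests, so default to "" instead of
    // reading an undefined array key
    $http_origin = $_SERVER['HTTP_ORIGIN'] ?? "";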
    // error_log("getting HTTP_ORIGIN: " .$http_origin);

    if($http_origin == "")
      // this is probably from... sigh... Android
      $this->http_origin = "https://www.domain.com";
    elseif($http_origin == "app://localhost")
      // this is apple/cordova and the new wkwebkit built into 6.1  
      $this->http_origin = $http_origin;
    elseif($http_origin == "https://domain.com")
      // this is coming from the website
      $this->http_origin = $http_origin;
    else
      $this->http_origin = "*";   // just in case something changes and we don't catch it
      
    // error_log("this->http_origin set to: " .$this->http_origin);
  }
}
?>

Obviously you’ll have to change domain.com and what comes in should match what goes out.
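
A stricter variant of the allowlist idea in the post above, as an added example that is not part of the original post: the origin is echoed back only on an exact match, there is no `*` fallback, and `Vary: Origin` is always sent. The function names are hypothetical, and the origin list reuses the post's `domain.com` placeholder.

```php
<?php
// Added example (not from the thread). Origins reuse the post's placeholder
// domain.com; function names are hypothetical.
const ALLOWED_ORIGINS = [
    'https://domain.com',      // website
    'https://www.domain.com',  // website, www host
    'app://localhost',         // Cordova WKWebView on iOS
];

// Return the origin to echo back, or null when no CORS header should be sent.
function resolveCorsOrigin(?string $origin, array $allowed): ?string
{
    if ($origin === null || $origin === '') {
        return null;  // no Origin header, so there is nothing to echo back
    }
    // Exact, case-sensitive comparison: substring or prefix tests would also
    // accept lookalike hosts such as https://domain.com.lookalike.example
    return in_array($origin, $allowed, true) ? $origin : null;
}

// Emit CORS headers for the current request; returns false if the origin is unknown.
function sendCorsHeaders(array $server, array $allowed): bool
{
    header('Vary: Origin');  // caches must not reuse one origin's response for another
    $origin = resolveCorsOrigin($server['HTTP_ORIGIN'] ?? null, $allowed);
    if ($origin === null) {
        return false;  // no Access-Control-Allow-Origin: the browser blocks the read
    }
    header('Access-Control-Allow-Origin: ' . $origin);
    if (($server['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
        // Preflight: say what is allowed; the caller should exit without querying.
        header('Access-Control-Allow-Methods: GET, POST');
        header('Access-Control-Allow-Headers: Content-Type');
        http_response_code(204);
    }
    return true;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample Origin values for an offline check of the decision logic.
    $samples = ['https://domain.com', 'app://localhost',
                'https://domain.com.lookalike.example', ''];
    foreach ($samples as $o) {
        printf("%-38s => %s\n", $o === '' ? '(no Origin header)' : $o,
            resolveCorsOrigin($o, ALLOWED_ORIGINS) ?? 'no CORS header');
    }
}
```

In an endpoint, call `sendCorsHeaders($_SERVER, ALLOWED_ORIGINS)` before any output. CORS headers only control which web pages a browser lets read the response; a non-browser client can send any `Origin` value, so the API itself still needs its own authentication.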

Thanks, I will look into this.

I’ve used @PPetree’s code, modified a bit for test vs production environments, successfully for about 4 years.

Has it been that long? Man! Time flies when you’re having fun! LOL