itch.io Community » Game Development » General Development

Unity WebGL and CORS

A topic by Dom Camus created Jan 05, 2019 Views: 5,422 Replies: 14

Viewing posts 1 to 3

Dom Camus5 years ago

Having uploaded a few Unity web games to itch.io recently I've noticed a nasty problem with the embedding/hosting. Any attempt to upload analytics data (to my server) from the game fails. This is a pretty big problem and basically means I'll have to stop using itch.io for WebGL projects if I can't find a fix.

As far as I can tell, the difficulty arises from the way WebGL asks sites if it's OK to access their resources. My server-side PHP script never runs, because the CORS system designed to prevent unwanted cross-site access says "no". However, I have CORS set up in the script in a way that ought to work. The problem is something at the itch.io end... I'm not quite sure what.

Are there any known workarounds for this problem? If not, any chance of a fix?

leafoAdmin5 years ago(+1)

If you want your game to communicate with your own host then you'll need to add the appropriate headers to your web application that is accepting analytics data. You can learn more about this here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Essentially, your PHP script needs to know how to tell the player's browser that it is okay to send the data to your server. I haven't worked with Unity directly, so I can't give you any specific instructions, but it shouldn't be too hard to figure out how to get it working by searching online.

Hope that helps!

Dom Camus5 years ago

That is helpful, thanks... but I already knew this. I've added (what the internet consistently says are) the correct PHP headers and it doesn't seem to work. I'll investigate further, though. If the problem isn't itch.io it could be something Unity is doing...

firecat5 years ago

How about not using anything with analytics, it is not a require thing in games and is offen the leading cause of lag in unity.

PeteX5 years ago

CORS is a way for a server to say what web requests it is prepared to accept from other sites. It's difficult to know what itch could do to foul this up, since itch has no control over your server. However, if you hosted your game on your own server, there would be no need for CORS. Cross-Origin Resource Sharing only applies when the request is cross-origin, and it is not if the game and the analytics service are hosted in the same place.

There are a couple of traps with CORS. The first is that for some types of request, CORS has to be explicitly requested by the code running on the browser. The second is that a CORS request is split into two, with an initial "preflight" request being used to check for the presence of the CORS headers. This is done with the HTTP OPTIONS method, so you should make sure your server is sending the CORS headers in response to OPTIONS as well as GET/POST.

Dom Camus5 years ago

Yup, all that is standard. Doesn't seem to work. I've doubtless messed something up, but can't work out what.

PeteX5 years ago

Do you get any errors on the browser console?

Dom Camus5 years ago

I do, but it simply says: "Blocked loading mixed active content "http://blah/blah/something.php?" [Learn More]

Clicking [Learn More] takes me to a generic Mozilla info page and says nothing more about my specific error.

PeteX5 years ago(+1)

I don't think mixed content refers to CORS at all. It's saying that you're loading an insecure resource (http://...) from a secure page (https://...). That makes sense actually. Itch serves everything from https so you'll need to load your analytics script from a secure server as well.

(The reason for the error, I imagine, is that otherwise the user is misled about the level of security on the page. It appears to be secure, but in fact it could be attacked by tampering with the insecure script.)

Dom Camus5 years ago

Oh, interesting! I'll try switching to an https URL and see if that helps. Thanks for the tip!

Dom Camus5 years ago

Hrm... changing the request to https: within Unity doesn't change the error shown in the console (still http:). Very odd.

PeteX5 years ago

I don't know why that would be, assuming you've cleared your cache and everything. I haven't used Unity analytics. What happens if you change it to a completely different https URL? Do you get the new URL, but with http instead of https? Do you still get the old URL? Or does it actually work and you get the new URL with https?

Dom Camus5 years ago

It's not Unity analytics per-se. I'm calling a PHP script on my own server.

I really appreciate your help, by the way, but I'm happy to slowly debug this on my own. If I work out what's up with it I'll post here to let others know.

Aergia5 years ago(+2)

Hey! Not sure if you still have this issue, I found this thread by looking for a solution myself.

I fixed the "mixed active content" error by switching to UnityWebRequest instead off the WWW class I was using. Seems the WWW thing defaulted to http regardless of what you wrote in the URL. At the same time I forced my server to only accept https, I did these at the same time so I'm not sure if the force https thing is needed. Hope it makes sense :)

(And check out my thing here if you want ;-) https://aergia.itch.io/the-city-haze )

Dom Camus5 years ago

That's awesome, thanks!

(No, I never fixed it, I just switched to hosting the game on my own server. The itch.io versions don't upload analytics currently.)

Log in to reply Join the discussion. Log in or create a free itch.io account to continue.