Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. We have updated the language to the Editor Terms based on feedback from our employees and community. Learn more.
    Dismiss Notice
  3. Join us on November 16th, 2023, between 1 pm and 9 pm CET for Ask the Experts Online on Discord and on Unity Discussions.
    Dismiss Notice

Unitywebrequest - can't get post data on php. Chrome CORS error but not on Firefox

Discussion in 'Multiplayer' started by RendergonPolygons, Feb 27, 2020.

  1. RendergonPolygons

    RendergonPolygons

    Joined:
    Oct 9, 2019
    Posts:
    98
    I'm really pulling hairs for days on this one, really appreciate your help ! I have built a unity webgl project (Unity 2019.3.0f5) and test POST to php file on server (Apache) with Firefox. Chrome gives CORS error but firefox doesn't. My end question for this post is that the webgl app sends POST data but the php file doesn't seem to receive it.

    Webgl unitywebrequest:
    Code (CSharp):
    1. List<IMultipartFormSection> formData = new List<IMultipartFormSection>();
    2.    formData.Add(new MultipartFormDataSection("clientusername", myUsername, "text/plain"));
    3.    formData.Add(new MultipartFormDataSection("clientpassword", myPassword, "text/plain"));
    4.    UnityWebRequest www = UnityWebRequest.Post("https://example.com/userlogin.php", formData);
    5.    www.SetRequestHeader("Access-Control-Allow-Credentials", "true");
    6.    www.SetRequestHeader("Access-Control-Allow-Headers", "Accept, Content-Type, X-Access-Token, X-Application-Name, X-Request-Sent-Time");
    7.    www.SetRequestHeader("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS");
    8.    www.SetRequestHeader("Access-Control-Allow-Origin", "*");
    9.    yield return www.SendWebRequest();
    My php:
    Code (CSharp):
    1. <?php
    2. header('Access-Control-Allow-Credentials: true');
    3. header('Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS');
    4. header('Access-Control-Allow-Headers: Accept, Content-Type, X-Access-Token, X-Application-Name, X-Request-Sent-Time');
    5. header('Access-Control-Allow-Origin: *');
    6.  
    7. ini_set('display_errors', 'On');
    8. ini_set('html_errors', 0);
    9. error_reporting(E_ALL);
    10.  
    11. var_dump($_POST['clientusername']);
    12. var_dump($_POST['clientpassword']);
    13. $clientusername=$_POST["clientusername"];
    14. $clientpassword=$_POST["clientpassword"];
    15. echo " Posted-clientusername " . $clientusername . " pwd " . $clientpassword;
    print_r($_POST) gives me empty array{}

    My .httaccess on server's user account public_html directory:
    Code (CSharp):
    1. <IfModule mod_mime.c>
    2.   AddEncoding br .unityweb
    3. </IfModule>
    4.  
    5. RewriteEngine on
    6.  
    7. <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$">
    8.     Header set Access-Control-Allow-Origin "*"
    9.     Header set Access-Control-Allow-Credentials "true"
    10.     Header set Access-Control-Allow-Headers "Accept, Content-Type, X-Access-Token, X-Application-Name, X-Request-Sent-Time"
    11.     Header set Access-Control-Allow-Methods "GET, POST, PUT, OPTIONS"
    12. </FilesMatch>
    13.  
    14. RewriteEngine On
    15. RewriteCond %{SERVER_PORT} 80
    16. RewriteCond %{HTTP_HOST} ^(www\.)?example\.com
    17. RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
    18.  
    19. # BEGIN WordPress
    20. # The directives (lines) between `BEGIN WordPress` and `END WordPress` are
    21. # dynamically generated, and should only be modified via WordPress filters.
    22. # Any changes to the directives between these markers will be overwritten.
    23. <IfModule mod_rewrite.c>
    24. RewriteEngine On
    25. RewriteBase /
    26. RewriteRule ^index\.php$ - [L]
    27. RewriteCond %{REQUEST_FILENAME} !-f
    28. RewriteCond %{REQUEST_FILENAME} !-d
    29. RewriteRule . /index.php [L]
    30. </IfModule>
    31.  
    32. # END WordPress
    33. # BEGIN HTML5 Boilerplate
    34. # END HTML5 Boilerplate
    35.  
    36. # php -- BEGIN cPanel-generated handler, do not edit
    37. # Set the “ea-php72” package as the default “PHP” programming language.
    38. <IfModule mime_module>
    39.   AddHandler application/x-httpd-ea-php72___lsphp .php .php7 .phtml
    40. </IfModule>
    41. # php -- END cPanel-generated handler, do not edit
    42.  
    43. # BEGIN cPanel-generated php ini directives, do not edit
    44. # Manual editing of this file may result in unexpected behavior.
    45. # To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
    46. # For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
    47. <IfModule php7_module>
    48.    php_flag display_errors Off
    49.    php_value max_execution_time 90
    50.    php_value max_input_time 60
    51.    php_value max_input_vars 1000
    52.    php_value memory_limit 128M
    53.    php_value post_max_size 100M
    54.    php_value session.gc_maxlifetime 1440
    55.    php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
    56.    php_value upload_max_filesize 60M
    57.    php_flag zlib.output_compression Off
    58. </IfModule>
    59. <IfModule lsapi_module>
    60.    php_flag display_errors Off
    61.    php_value max_execution_time 90
    62.    php_value max_input_time 60
    63.    php_value max_input_vars 1000
    64.    php_value memory_limit 128M
    65.    php_value post_max_size 100M
    66.    php_value session.gc_maxlifetime 1440
    67.    php_value session.save_path "/var/cpanel/php/sessions/ea-php72"
    68.    php_value upload_max_filesize 60M
    69.    php_flag zlib.output_compression Off
    70. </IfModule>
    71. # END cPanel-generated php ini directives, do not edit
    I run app on borwser and enter username and password to POST:

    Firefox behaviour: show NULL for POST data but doesn't throw error and moves forward with the app.

    Headers shown: Request URL:https://example.com/userlogin.php Request method:pOST Remote address:xx.xxx.xxx.xx:xxx Status code: 200 Version:HTTP/1.1 Referrer Policy:strict-origin-when-cross-origin

    Code (CSharp):
    1. Reponse Headers: 432B
    2.     HTTP/1.1 200 OK
    3.     Date: Thu, 27 Feb 2020 08:46:09 GMT
    4.     Server: Apache
    5.     Access-Control-Allow-Credentials: true
    6.     Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
    7.     Access-Control-Allow-Headers: Accept, Content-Type, X-Access-Token, X-Application-Name, X-Request-Sent-Time
    8.     Access-Control-Allow-Origin: *
    9.     Keep-Alive: timeout=5, max=100
    10.     Connection: Keep-Alive
    11.     Transfer-Encoding: chunked
    12.     Content-Type: text/html; charset=UTF-8
    13.  
    14.     Request Headers: 690B
    15.     Host: example.com
    16.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
    17.     Accept: */*
    18.     Accept-Language: en-GB,en;q=0.5
    19.     Accept-Encoding: gzip, deflate, br
    20.     Access-Control-Allow-Credentials: true
    21.     Access-Control-Allow-Headers: Accept, Content-Type, X-Access-Token, X-Application-Name, X-Request-Sent-Time
    22.     Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
    23.     Access-Control-Allow-Origin: *
    24.     Content-Type: multipart/form-data; boundary=k0Ki34Vzm8IhtqiqG8mgM7Wlld6JKnhNTMVSrIM9
    25.     Content-Length: 345
    26.     Origin: https://example.com
    27.     DNT: 1
    28.     Connection: keep-alive
    29.     Referer: https://example.com/index.html
    Chrome behaviour: throw CORS error and app crashes at this point:
    Code (CSharp):
    1. Access to XMLHttpRequest at 'https://example.com/userlogin.php' from origin 'https://www.example.com' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
    2.     main.js?attr=H-E8ETtl9uD21KKJyUPOCsdqaZm-bIbGqKRwxYdwU2d_1Cy_8b9IK16cJxwiJqr4w5VaEJm8M4EhZFwcakFGQg:1024 POST https://example.com/userlogin.php net::ERR_FAILED
    Chrome's Network-Headers information shown:
    Code (CSharp):
    1. General:
    2.     Request URL: https://example.com/userlogin.php
    3.     Referrer Policy: no-referrer-when-downgrade
    4.     Provisional headers are shown
    5.     Access-Control-Allow-Credentials: true
    6.     Access-Control-Allow-Headers: Accept, Content-Type, X-Access-Token, X-Application-Name, X-Request-Sent-Time
    7.     Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
    8.     Access-Control-Allow-Origin: *
    9.     Content-Type: multipart/form-data; boundary=FHWWf7YgeWajGKqOVlxukBwdcfn7EzfFWjNCIiVw
    10.     Referer: https://www.example.com/index.html
    11.     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
    Other changes I tried: - Unitywebrequest with Put then changed to post: But still the POST is not received

    Code (CSharp):
    1. UnityWebRequest request = UnityWebRequest.Put(url3, requestData);
    2.     request.method = "POST";
    3.     request.Send()
    - add chunkedTransfer to false though it's deprecated and false by default acc. to Unity.

    -Tried to add header for unity's webrequest but override not was allowed by browser:
    Code (CSharp):
    1. www.SetRequestHeader("User-Agent", @"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36");
    2. www.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8");
     
  2. MrsPiggy

    MrsPiggy

    Joined:
    Jun 13, 2018
    Posts:
    154
    RendergonPolygons likes this.