Libgdx HTTPRequest
Offline Apo
« Posted 2017-01-02 13:54:07 »

Hi,

I made a little math game and want to save and load the highscore with PHP and MySQL.
Everything works fine in the desktop and the Android version. But in the HTML version of the game I can save the score but the highscore doesn't want to load in-game.

The code I use
         // Build a GET request for the PHP script that returns the highscore.
         HttpRequestBuilder requestBuilder = new HttpRequestBuilder();
         HttpRequest httpRequest = requestBuilder.newRequest().method(HttpMethods.GET).url(EqualConstants.USERLEVELS_GETPHP).build();

         Gdx.net.sendHttpRequest(httpRequest, new HttpResponseListener() {
            @Override
            public void handleHttpResponse(HttpResponse httpResponse) {
               // The first line of the response body is expected to be the score.
               String resultAsString = httpResponse.getResultAsString();
               String[] split = resultAsString.split("\n", -1);
               if ((split != null) && (split.length > 0)) {
                  try {
                     maxScore = Integer.valueOf(split[0].trim());
                  } catch (NumberFormatException e) {
                     // Body was not a number (for example an error page); keep the old value.
                     Gdx.app.log("Failed ", "Unexpected highscore response");
                  }
               }
            }

            @Override
            public void failed(Throwable t) {
               Gdx.app.log("Failed ", t.getMessage());
            }

            @Override
            public void cancelled() {
               Gdx.app.log("Cancelled", "Load cancelled");
            }
         });
         
         return true;


Can someone tell what is wrong? Thanks =)
Offline Apo
« Reply #1 - Posted 2017-01-02 14:45:57 »

Ok, found the problem -> no access control allow origin header

Solved it with the new header information in the php file. But the correct solution seems to be using CORS. I will add it now.
Online jonjava
« Reply #2 - Posted 2017-01-02 14:47:07 »





Seems to work for me?

Online jonjava
« Reply #3 - Posted 2017-01-02 14:50:33 »

Ah, yes, your web server needs to set the "Access-Control-Allow-Origin" header on the HTTP response, otherwise the browser will not allow the client side code to receive the message.

Browsers comply with this since it prevents blatant content leeching (doesn't prevent anyone from accessing it directly though)

Offline Riven
« Reply #4 - Posted 2017-01-09 18:02:46 »

CORS is actually a security measure, not a way to block content leeching.

Online jonjava
« Reply #5 - Posted 2017-01-10 03:18:33 »

It's not, though. I mean technically it's an accepted vulnerability to break out of the Same-origin policy (which is different).

It's practically a gentlemen's agreement between the web server and the browser.

It doesn't actually secure the web server in the slightest, nor the browser for that matter, and not really the user either - the only scenario I can think of is a compromised domain hosting the app accessing the same API - in which case the user has already been bamboozled (in fact it would make more sense for the compromised domain to NOT use the same API but simply grab the user details by proxy in that case so as to keep the original host unawares).

So in practice CORS really only prevents content leeching (through browser land). But certainly doesn't actually secure anything. In fact browsers put heavy restrictions on CORS requests.

Offline Riven
« Reply #6 - Posted 2017-01-10 22:44:45 »

Not sure what you mean, as CORS is not used for <img src="..."> requests, and is used for ajax-calls with specific http-methods and non-trivial http-headers. So it does not stop content leeching of images and I'm not sure how many people leech content through the ajax API...

In earlier versions of Chrome, you could disable CORS with the CLI param:
--disable-web-security


Anyhoo, this is a tad offtopic. If you wish to elaborate I could split it off this topic.

Online jonjava
« Reply #7 - Posted 2017-01-11 10:51:00 »

Lots of sites load content dynamically directly through API's these days. Usually text based like articles, blogs, comments, posts and image/video URLs (that are later <img src="">:ed to the page) (Although avatars and small images are sometimes base64 encoded directly as a string). Using ajax-calls like you said (XMLHttpRequest).

However, since the API is public (you don't have to register or be logged in to see comments) practically anyone could make use of your content (and they can).

Using Access-Control-Allow-Origin, however, you can restrict access to the API (and its content) from a specific domain. This way someone else can't simply make another site using content from your API (since 99.9% of users use modern Browsers like Edge, Chrome or Safari that respect CORS).

Nothing of course prevents them from creating some kind of proxy (an HTTP request not issued through the Browser) to your API (but those are much easier to detect and block), or simply copy/pasting your content (but still takes much more effort than simply using your API directly).

And if someone is somehow abusing your content anyway regardless of CORS, since your API is flexible, you can push a button to serve GOATSE or jargon from your old endpoints while keeping your own domain unaffected.
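
Added example (not part of any post in this thread): a small JavaScript model of the exchange discussed above, showing that the server answers every request and only the browser decides whether page script may read the reply. The origins, URL, score value and function names are constructed for illustration, and the browser check is simplified to a GET without credentials.

```javascript
// Constructed allowlist: the origin that serves the HTML build of the game.
const ALLOWED_ORIGINS = new Set(['https://game.example']);
const API = 'https://api.example/highscore.php'; // constructed URL

// Server side: pick the CORS headers for a response.
function corsHeaders(requestOrigin) {
  const headers = { 'Vary': 'Origin' }; // caches must key on Origin
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin; // echo allowlisted origins only
  }
  return headers;
}

// The body is produced whatever the origin is: CORS does not stop the request.
function serveHighscore(requestOrigin) {
  return { status: 200, headers: corsHeaders(requestOrigin), body: '4200\n' };
}

// Browser side: may script running on pageOrigin read this response?
function browserAllowsRead(pageOrigin, url, response) {
  if (new URL(url).origin === pageOrigin) return true; // same origin, no CORS check
  const acao = response.headers['Access-Control-Allow-Origin'];
  return acao === '*' || acao === pageOrigin;
}

// A page in a browser: the request is sent, the body is exposed only if allowed.
function fetchFromPage(pageOrigin, url) {
  const crossOrigin = new URL(url).origin !== pageOrigin;
  const response = serveHighscore(crossOrigin ? pageOrigin : undefined);
  return browserAllowsRead(pageOrigin, url, response) ? response.body : null;
}

// A non-browser client (desktop or Android build, a proxy): no Origin, no check.
function fetchFromNativeClient() {
  return serveHighscore(undefined).body;
}

console.log(fetchFromPage('https://game.example', API));  // allowlisted page
console.log(fetchFromPage('https://other.example', API)); // other site in a browser
console.log(fetchFromNativeClient());                     // outside the browser
```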
