Skip to main content

Browse GamesGame JamsUpload GameDeveloper LogsCommunity
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines
PeteX5 years ago

CORS is a way for a server to say what web requests it is prepared to accept from other sites.  It's difficult to know what itch could do to foul this up, since itch has no control over your server.  However, if you hosted your game on your own server, there would be no need for CORS.  Cross-Origin Resource Sharing only applies when the request is cross-origin, and it is not if the game and the analytics service are hosted in the same place.

There are a couple of traps with CORS.  The first is that for some types of request, CORS has to be explicitly requested by the code running on the browser.  The second is that a CORS request is split into two, with an initial "preflight" request being used to check for the presence of the CORS headers.  This is done with the HTTP OPTIONS method, so you should make sure your server is sending the CORS headers in response to OPTIONS as well as GET/POST.

Reply
Dom Camus5 years ago

Yup, all that is standard. Doesn't seem to work. I've doubtless messed something up, but can't work out what.

Reply
PeteX5 years ago

Do you get any errors on the browser console?

Reply
Dom Camus5 years ago

I do, but it simply says: "Blocked loading mixed active content "http://blah/blah/something.php?" [Learn More]

Clicking [Learn More] takes me to a generic Mozilla info page and says nothing more about my specific error.

Reply
PeteX5 years ago(+1)

I don't think mixed content refers to CORS at all.  It's saying that you're loading an insecure resource (http://...) from a secure page (https://...).  That makes sense actually.  Itch serves everything from https so you'll need to load your analytics script from a secure server as well.

(The reason for the error, I imagine, is that otherwise the user is misled about the level of security on the page.  It appears to be secure, but in fact it could be attacked by tampering with the insecure script.)

Reply
Dom Camus5 years ago

Oh, interesting! I'll try switching to an https URL and see if that helps. Thanks for the tip!

Reply
Dom Camus5 years ago

Hrm... changing the request to https: within Unity doesn't change the error shown in the console (still http:). Very odd.

Reply
PeteX5 years ago

I don't know why that would be, assuming you've cleared your cache and everything.  I haven't used Unity analytics.  What happens if you change it to a completely different https URL?  Do you get the new URL, but with http instead of https?  Do you still get the old URL?  Or does it actually work and you get the new URL with https?

Reply
Dom Camus5 years ago

It's not Unity analytics per-se. I'm calling a PHP script on my own server.

I really appreciate your help, by the way, but I'm happy to slowly debug this on my own. If I work out what's up with it I'll post here to let others know.

Reply
Aergia5 years ago(+2)

Hey! Not sure if you still have this issue, I found this thread by looking for a solution myself.

I fixed the "mixed active content" error by switching to UnityWebRequest instead off the WWW class I was using. Seems the WWW thing defaulted to http regardless of what you wrote in the URL. At the same time I forced my server to only accept https, I did these at the same time so I'm not sure if the force https thing is needed. Hope it makes sense :)

(And check out my thing here if you want ;-) https://aergia.itch.io/the-city-haze )

Reply
Dom Camus5 years ago

That's awesome, thanks!

(No, I never fixed it, I just switched to hosting the game on my own server. The itch.io versions don't upload analytics currently.)

Reply
AboutFAQBlogContact us
Copyright © 2024 itch corp · Directory · Terms · Privacy · Cookies