C3 r25 introduces a new addon testing mode

For discussion and help with the Construct 3 Plugin SDK

Post » Sun May 21, 2017 11:03 pm

I was able to get past the content security policy by setting up my localhost server to use https. I think the mixed http/https content (localhost on http) was causing the security policy to barf.

I'm now running into what I think is a CORS issue with my server ("resulted in a network error response: the promise was rejected.") I'll mess around with my tomcat server and see if this is a CORS issue as I suspect, and then I will try the non-secure localhost again to see if the CORS issue was my issue all along.
B
16
S
5
G
3
Posts: 30
Reputation: 2,245

Post » Wed May 24, 2017 1:50 pm

Is it possible to allow http urls for dev addons?
Error in console when i'm trying to install such addon:
Code: Select all
Refused to connect to 'http://localhost:49152/photonC3/addon.json' because it violates the following Content Security Policy directive: "connect-src 'self' blob: wss://signalling.construct.net wss://build.construct.net https://downloads.scirra.com localhost:*".
B
7
S
2
Posts: 170
Reputation: 1,023

Post » Wed May 24, 2017 1:59 pm

It's meant to work over HTTP on localhost. I'm not sure why it's not working. I'm sure I tested this successfully before.
Scirra Founder
B
399
S
236
G
89
Posts: 24,530
Reputation: 195,402

Post » Wed May 24, 2017 2:08 pm

@ThePhotons Awesome to see you're already working on a C3 plugin. Can't wait to try it out when it's done and migrate my project! :D Good job!
Follow my progress on Twitter
or in this thread Archer Devlog
B
41
S
18
G
18
Posts: 1,028
Reputation: 13,353

Post » Wed May 24, 2017 2:22 pm

Ashley wrote:It's meant to work over HTTP on localhost. I'm not sure why it's not working. I'm sure I tested this successfully before.

'localhost:*' is specified w/o protocol. What if add http:// there? Without protocol it allows at least https urls.
B
7
S
2
Posts: 170
Reputation: 1,023

Post » Tue May 30, 2017 5:27 pm

/r32/main.js:2 Mixed Content: The page at 'https://editor.construct.net/' was loaded over HTTPS, but requested an insecure resource 'http://localhost/C3Plugins/demoplugin/addon.json'. This request has been blocked; the content must be served over HTTPS.
s @ /r32/main.js:2
ImageImageImage
B
71
S
22
G
248
Posts: 3,761
Reputation: 138,073

Post » Tue May 30, 2017 7:19 pm

Dang, looks like we need to reconfigure it again...
Scirra Founder
B
399
S
236
G
89
Posts: 24,530
Reputation: 195,402

Post » Thu Jun 01, 2017 2:42 pm

Sorry for the delay getting this working, it turns out https:// -> http://localhost is difficult to set up due to a series of security restrictions in place. It works on my machine because the dev verison of C3 also runs on http://localhost, but the fact editor.construct.net runs on https causes loading from http://localhost to break.

I think the best solution is to also add support for secure localhost (i.e. https://localhost) and use a self-signed certificate there. That should then stop the browser blocking the load. There should be something in place for the next release (r34) assuming there aren't any other security hurdles.
Scirra Founder
B
399
S
236
G
89
Posts: 24,530
Reputation: 195,402

Post » Fri Jun 02, 2017 5:41 pm

@Ashley, did you make some changes regarding localhost in r34?
B
21
S
5
Posts: 23
Reputation: 1,207

Post » Sat Jun 03, 2017 12:52 pm

It needs a server-side change which I think hasn't happened yet, I'll try to sort this out soon.
Scirra Founder
B
399
S
236
G
89
Posts: 24,530
Reputation: 195,402

PreviousNext

Return to Plugin SDK

Who is online

Users browsing this forum: No registered users and 0 guests