CORS and requests... the never ending story...

For developers using the Construct 2 Javascript SDK

Post » Mon Apr 25, 2016 6:14 pm

Hi guys!

I'm writing my first C2 plugin (better to say, my first (bigger) confrontation with JS).
I know what CORS is - and already had the one or another meet with it.

Background info:
I'm writing a little framework which handles account managing and data storation for a C2 dev. Ive seen a lot questions about accounting, etc. - got a great help days back - and now I'ld like to share my knowledge with anyone who doesnt know how to ajax userdata via php into a mysql db. For that Im rewriting an account managing system (with all its needs, registering, login, "forgot password"-function, token based, "remember me" function, etc..; incl. storing data (preffered as JSON) in the backend). But more to the plugin when its ready to see the light of beta-testers...

To my problem:
When I got a simple return...
Code: Select all
header("Access-Control-Allow-Origin:*"); // Allow all origins

$InputAction = $_POST["Action"]; // Eventhandler

if ($InputAction == "Register") {

... everything works fine. Even if Im extending the whole stuff. CORS is on * in row 2 as you can see (I was told from different sources, that its best to build a func, etc etc... but sources like also told me, that the one-row is ok. And unless Ive tested it with several scripts (including AJAX cross domain requests out of C2), Im at least sure that it works.

Now, when I extend the source of the serversided script, like...

Code: Select all
header("Access-Control-Allow-Origin:*"); // Allow all origins

require('includes/config.php'); // Prerequisite

/** Numeric callbacks (!negative values!)
-200 Registration successful; validation mail sended
-250 Username OK

-300 Username too short
-301 Username already in use
-302 Password too short
-303 Invalid email address
-304 Email already in use
-305 Error while registration

-400 Illegal request

$InputAction = $_POST["Action"]; // Eventhandler

$InputUsername = $_POST["Username"]; // Requesting username
$InputMailaddress = $_POST["Mailaddress"]; // Requesting mail address
$InputPassword = $_POST["Password"]; // Requesting password

if ($InputAction == "Register") { // Action: Register
   if(strlen($InputUsername) < 3){ // Check Username length
      $error[] = 'Username is too short.';
   } else { // Check if username already exists
      $stmt = $db->prepare('SELECT username FROM members WHERE username = :username');
      $stmt->execute(array(':username' => $InputUsername));
      $row = $stmt->fetch(PDO::FETCH_ASSOC);

      if(!empty($row['username'])){ // If username already taken
         $error[] = 'Username provided is already in use.';
else {

... (its only a snipped, which could be used as a standalone "give me feedback!"-debug tool) Im getting a 500:

Code: Select all
XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. The response had HTTP status code 500.

There is no mistake in the syntax (the http-ui works perfectly; which contains same parts of the script in a single *.PHP) and I cant figure out whats going wrong here. I

Does someone may have an idea whats going wrong here? After about 11 hours of work on the C2 plugin, everything breaks together because of this, driving me nuts....

Have a great day,
Posts: 118
Reputation: 6,794

Return to Javascript SDK

Who is online

Users browsing this forum: No registered users and 1 guest