Ajax post working on windows, not on android


#1

I am trying to communicate with a couchdb hosted on a remote server.

I make a GET request and a POST request. I’m also using smileupps to host couchdb(they have free hosting). Here’s the CORS configuration:

credentials: false; headers:Accept, Authorization, Content-Type, Origin; methods: GET,POST,PUT,DELETE,OPTIONS,HEAD; origins: *

Everything works fine when launching ZapWorks Studio on windows. When scanning the zapcode with an android device, however, the post ajax call fails. Only the post. I am using basic authentication . I enforce that only the admin can manage the database on couchdb. I can access the host from both the desktop and the phone from a web browser to do everything manually.

I tried everything I could of to solve the problem: remove authentication, change the CORS configuration…nothing works. I thought it was an issue with CORS but everything works fine on windows and on the mobile just the POST fails…I keep getting a status code of 0. I’ve been trying to make this work for hours and hours. Here’s the zpp to show the logic. ajax.zpp (187.4 KB) .

What I want to do is basically fetch the documents from a database, then post another. Everything works on windows. On mobile the post refuses to work.

EDIT
New info, testing on apitester also works on the desktop and mobile.

EDIT
Tried with REST Api Client on my phone and it worked as well. This can only be a CORS issue or something with zapworks. Weird that it works on windows but not on the phone.

EDIT - I found out what the problem is, but not how to fix it. So I set a proxy to debug the requests made from zapworks studio following this tutorial. It seems that it does a preflight request but gets the response

"HTTP/1.1 405 Method Not Allowed"

even though the payload is

{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}.

Here’s the request:

OPTIONS /ranking HTTP/1.1
Host: somehost.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: null
User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G950U1 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Accept: /
Accept-Encoding: gzip, deflate
Accept-Language: en-US
X-Requested-With: com.zappar.Zappar

and the response:

HTTP/1.1 405 Method Not Allowed
Server: CouchDB/1.6.0 (Erlang OTP/R15B01)
Date: Mon, 18 Jun 2018 21:22:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 76
Cache-Control: must-revalidate
Allow: DELETE,GET,HEAD,POST
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: null
Connection: keep-alive

{“error”:“method_not_allowed”,“reason”:“Only DELETE,GET,HEAD,POST allowed”}

which clearly shows that POST is allowed…

On the windows side, there doesn’t seem to be a preflight request for some reason and my guess is that’s why it works. Now the question is how do I configure CORS on couchdb to work on android. These are the configurations available:

enable_cors: true
credentials: false
headers:Accept, Authorization, Content-Type, Origin
methods:GET,POST,PUT,DELETE,OPTIONS,HEAD
origins:*

This is the code:

const Open_SansRegular_ttf0 = symbol.nodes.Open_SansRegular_ttf0;

parent.on(“ready”, () => {
const Plane0 = symbol.nodes.Plane0;

let ajaxParameters : Z.Ajax.Parameters = {
    url: "https://something.smileupps.com/test/_all_docs?include_docs=true",
    headers: {"Authorization": "Basic my64encoding"},
    method: "GET",
    timeout: 3000
};

// Perform the AJAX request
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});

ajaxParameters = {
    url: "https://something.smileupps.com/test",
    headers: {"Content-Type":"application/json", "Authorization": "Basic my64encoding"},
    method: "POST",
    body: '{"name" : "asdasd", "something": 234}',
    timeout: 3000
};

Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});

});

function checkRequest(statusCode, data) {
if (statusCode === 0) {
Open_SansRegular_ttf0.text(“Unable to connect - check network connection.”);
console.log(“Unable to connect - check network connection.”);
return;
}

if (statusCode < 200 || statusCode >= 300) {
    Open_SansRegular_ttf0.text("HTTP request failed: " + statusCode);
    console.log("HTTP request failed: " + statusCode);
    return;
}

// Attempt to parse the data returned from the AJAX request as JSON
let parsedData;
try {
    // https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse
    parsedData = JSON.parse(data);
} catch (e) {
    Open_SansRegular_ttf0.text("Unable to parse JSON: " + e);
    console.log("Unable to parse JSON: " + e);
    return;
}

return parsedData;

}

EDIT - Here’s the request on windows

Accept:/
Accept-Encoding:gzip, deflate
Accept-Language:en-US
Authorization:Basic mybase64encoding
Connection:keep-alive
Content-Length:37
Content-Type:application/json
Host:http://something.smileupps.com/test
Origin:file://
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ZapWorksStudio/4.0.4-stable Chrome/58.0.3029.110 Electron/1.7.9 Safari/537.36
X-DevTools-Request-Id:3680.9
X-Requested-With:XMLHttpRequest

and the response:

Access-Control-Allow-Origin:file://
Access-Control-Expose-Headers:Cache-Control, Content-Type, ETag, Server
Cache-Control:must-revalidate
Content-Length:95
Content-Type:text/plain; charset=utf-8
Date:Mon, 18 Jun 2018 21:36:22 GMT
ETag:“1-512f89feb3d0a88781119e772ec6fd7b”
Location:http://something.smileupps.com/test
Server:CouchDB/1.6.0 (Erlang OTP/R15B01)

No preflight.


Memory game
#3

Hey guys I made a post on stackoverflow with 100 points bounty


#4

https://github.com/pouchdb/add-cors-to-couchdb this might be helpful :slight_smile:


#5

Hey Mark thanks. The couchdb on the remote server has CORS configurations. A person replied on the stackoverflow post:

Your problem is in the request: Origin: null is usually what you get when the Web page containing the xhr request is opened with the file: rather than the http or https protocol. You won’t get any successful CORS request with such an origin.

It seems the ajax call is getting messed up for some reason.


#6

There seems to be an issue with the way the origin header is handled by ZapWorks Studio:

Is there any way to circumvent this? Any settings to change?


#7

Our platform team have reviewed this. Most server software allows you to specify that Origin: null is permitted but it looks like the combination of CouchDB and the Chrome implementation on Android don’t make this possible. We are looking at a modification to our platform that will give content experiences proper origins. It’s in our roadmap but we don’t have a timeframe at the moment. How quickly would you be looking to deploy this? The other workaround would be to ‘proxy’ CouchDB using something like nginx to allow all origins for the preflight request.


#8

Yea the proxy solution is what I’m going for for the time being. Glad to know implementing proper origins is on the roadmap. Thank you for your time!


Game ranking
#9

Thank you so much for this. I was into this issue and tired to tinker around to check if its possible but couldnt get it done. Now that i have seen the way you did it, thanks guys
with regards