Our team recently had a UE4 project built for Win64 platform, in which we were able to successfully make HttpRequests to a webservice. Recently, we have been asked to deploy our project to the web, so now we are building the project in HTML5.
Since building our project for HTML5, we can no longer successfully make calls to the service. Every time we make a call, we receive:
We have found very little information on the forums as to how we can correct the issue. Does anyone have any idea on where we could start?
Thanks!
The restriction that is happening here is called Cross-Origin Resource Sharing (CORS) security policy, Cross-origin resource sharing - Wikipedia . CORS as a security policy is interesting in that it is a cooperative policy adopted by user’s client browser, instead of only the remote server. Native Win64 builds of Unreal Engine 4 do not implement CORS security policies, but web browsers do, which is why you are seeing this error come into play only when running in a web browser.
Basically the idea of CORS is that each web server advertises a list of domains/web pages that are allowed to request resources from that web server. User’s web browser then ensures that this list is honored, and web requests from external sites are not passed through. The intent of this is to prevent, among others, cross-site scripting and script injection attacks from gaining a wider attack surface.
The way to get the web service to work again is to configure it to allow requests to come in from foreign origins, by configuring the CORS response headers that the web server is sending when it serves pages to clients. The Wikipedia page is a good start, and MDN also has more information about this: Cross-Origin Resource Sharing (CORS) - HTTP | MDN
Thanks! That gave us the right direction to head in. We had to allow the called server to accept our own address we were calling from. It’s all in the headers and Access-Control-Allow-Origin. We did get it working in the end.