Hello, for my pet project with Unity i use UnityWebRequest Post request to communicate with a php file on an Apache server localy (my LAN) and everything works as expected. Then i decided to move the php file on an free internet web hosting service with a subdomain, and now i can't connect with Unity. UnityWebRequest Post gives an Generic/unknown HTTP error with Error code:403 when the url i POST at is: http://examplesubdom.server.com/filename.php , and Unknown Error with Error code: 0 when i post in Unity the url: https://examplesubdom.server.com/filename.php . Accessing the above urls in Firefox is ok and gives the expected results. If i replace the  "examplesubdom.server.com" part with the ip of the host service (taken from netstat comand)  i get a 403 Error code in Firefox.

Is there something i can do to connect the Unity app with the php file on the Internet? I have control of the server only through .htaccess file.

Thanks in advance....

How are you testing from your browser?  Have you tried mirroring the requests from Postman/PowerShell/curl?

There are two things that can get in the way.

The first is whatever your web server hosting is doing. Check the web server logs for the request in question, and see what's going on. This will let you see if the request even makes it to the server.

The second is cross-origin request security. If the Unity web request assumes that a certain domain is the origin, then trying to get data from another domain may end up being prevented, depending on security settings. (This is a real problem in browsers; don't know whether unity-on-desktop or unity-on-mobile have relaxed these rules.)

Using a tool like Wireshark when making the request from Unity, to see what goes on the wire, as well as the console developer view in Firefox or Chrome, in addition to the web server logs, should let you figure out what's going on.

You can also attempt to make a request to a site you know works, and see what comes back. http://www.google.com/ should return at least something. (Perhaps a redirect to a secure version of the page.)

Hello,

1 hour ago, fastcall22 said:

How are you testing from your browser?  Have you tried mirroring the requests from Postman/PowerShell/curl?

The php file returns an html document and i can see it in Firefox. In adition to test the Post request on the php file i use Poster plug-in with firefox and again i can see the response (code 200 and the HTML response as expected). Thanks for the hint about using this tools to debug the situation.  On a simple request from my pc:

curl --trace-ascii debugdump.txt http://examplesubdom.server.com/filename.php

gave a 403 Error code response.

Not sure what do you meen with " mirroring the requests", but i must do some research about the tools you proposed.......

1 hour ago, hplus0603 said:

There are two things that can get in the way.

The first is whatever your web server hosting is doing. Check the web server logs for the request in question, and see what's going on. This will let you see if the request even makes it to the server.

The second is cross-origin request security. If the Unity web request assumes that a certain domain is the origin, then trying to get data from another domain may end up being prevented, depending on security settings. (This is a real problem in browsers; don't know whether unity-on-desktop or unity-on-mobile have relaxed these rules.)

Using a tool like Wireshark when making the request from Unity, to see what goes on the wire, as well as the console developer view in Firefox or Chrome, in addition to the web server logs, should let you figure out what's going on.

You can also attempt to make a request to a site you know works, and see what comes back. http://www.google.com/ should return at least something. (Perhaps a redirect to a secure version of the page.)

 

About the first thing (What my web server hosting is doing.): I have a cPanel account for the site but the AccessLogs and ErrorLogs are not available to me. I cant download the logs because i cant select a date from the UI in cpanel, i dont like it but its a free service so i cant complain......

About cross-origin request , do you mean like this topic :https://www.gamedev.net/forums/topic/639052-unity-crossdomain-issue/ ?.This forum topic didnt help me about my problem.

I must install WIreshark on my Ubuntu box to check Unity requests and compare with Firefox requests and also with requests on my LAN server that works. I hoped the problem was somthing simpler....

Thank you both for the leads.....

curl --trace-ascii debugdump.txt http://examplesubdom.server.com/filename.php

Note that this generates a GET not a POST. You need to provide some data for curl to generate POST.

curl -d foo=bar --trace-ascii debugdump.txt http://example.com/script.php

Separately, I understand that free web hosts are ... free. But, really, if you want to do web development, you need SOMETHING that you have better control over.

You can run a web server on your local machine, with port forwarding from your firewall/router, and map a subdomain to that IP address. That will give you access logs.

Or you can get a $5/month small virtual machine from Amazon Lightsail or Linode or something.

Or get a "shared hosting" account on Dreamhost, which will give you log file access separated out for your domain/s. The benefit with shared hosting is you get to "burst" to more RAM and CPU than is available for a small virtual machine, but the draw-back is that it's shared and you may have noisy neighbors.

Hello,

@hplus0603 ,  i have considered of the possibility of running my own server but for security and uptime  reasons i think web hosting is a better solution. I don't want to pay for hosting (at least not yet...) but i'll check Dreamhost as an alternative. curl with POST parameters gives 403 error code page......

Googling about curl i found this thread: https://unix.stackexchange.com/questions/139698/why-would-curl-and-wget-result-in-a-403-forbidden and i added in Unity a header:

www.SetRequestHeader("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" );

This returned an html page with javascript:

<html>
<body>
<script type="text/javascript" src="/aes.js" ></script>
<script>
function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});
return e}
function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);
return e.toLowerCase()}
var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("6813dbaad25f1153ed758aad49674422");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+";expires=Thu, 31-Dec-37 23:55:55 GMT;path=/"; 
location.href="http://myurl";
</script>
<noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
</body>
</html>

Where myurl= the url in my first post. I found out that the web host sets a cookie so i added in unity:

www.SetRequestHeader ("Cookie", string.Format ("__test=value got from Firefox inspector for the cookie"));

Then Unity worked for the http:// url , as expected.

When i tried https:// url, Unity responded with: Unknown Error and Error code: 0.  Is there an easy way to make https:// url work?  Wireshark dose not give any valuable info as everything is encrypted. The firefox inspector gives me the same value for the __test cookie on the https connection but i guess encryption messes it up?? Not sure how to proceed.....Https is a must for my project...

Thanks in advance.....

That HTML page appears to be a DoS deterrent served by your hosting provider.  Upon visiting one of the hosting provider’s sites, it appears that they redirect to this page where a challenge must be solved by your browser.  The browser will set a cookie to with the answer before redirecting to your site.  If the challenge was solved incorrectly or the user agent is not recognized, then it appears your hosting provider rejects the requests with a 403 forbidden.

At this point, I concur with hplus0603 in that you should get a server that you control.  Everything you’ve done up until now can be setup on a virtual machine or even your own development instance.

Since you plan on using HTTPS, I will assume that at this point you’ve figured out the server situation.  You will need to obtain an SSL certificate and install it on your site.  You can obtain 3–month certificates for free from letsencrypt, or you can purchase your own SSL certificates from a certificate authority such as Verisign.

Hello,

Thank you all for your replays and the info, you are right i must get a sever which i can control and making my server public to the internet seems the way to go, at this point....