WWW+WWWForm 500 Internal Server Error

Question

I am trying to send data to a webserver via WWWForm but I get this error. Looking into apache logs, I can see unity accessing the requested page but there is no error in logs. The server side code is ok, I've tested it with a GET from unity and is doing what is suppose to do. But when I switch to sending data with wwwform via POST I get "500 Internal Server Error" no matter what i do.

Using GET like this WWW www = new WWW(url + "?field1="+value1+"&field2=value"+"&field3="+value3); works as intended without any error.

Here is a test I've done outside of my game:

 using UnityEngine;
 using System.Collections;
 
 public class senddata : MonoBehaviour
 {
     private bool once = false;
     WWW www = null;
 
     void OnGUI()
     {
         if (GUI.Button(new Rect(Screen.width / 2 - 100, Screen.height / 2 - 20, 200, 40), "Send"))
         {    
             StartCoroutine("Send");
         }
 
 
     }
 
     IEnumerator Send()
     {
         WWWForm form = new WWWForm();
         form.AddField("f1", "value 1", System.Text.Encoding.UTF8);
         form.AddField("f2", "value 2", System.Text.Encoding.UTF8);
         form.AddField("f3", "value 3", System.Text.Encoding.UTF8);
         www = new WWW("obscured", form);
 
         yield return www;
 
         if(!string.IsNullOrEmpty(www.text) && !once)
         {
             Debug.Log(www.text);
             once = true;
         }
     }
 }

Answer 1

Best Answer

Answer by scarpelius · Feb 23, 2014 at 06:36 PM

I will answer myself to this since I found the problem. I use Codeigniter framework on the server side and this had the Cross Site Request Forgery and Global XSS Filtering on. Disabling them removed my problem.

Add comment · Share

Answer 2

Answer by stijnvdbBiodroid · Mar 09, 2015 at 01:03 AM

Spent some time on this same issue, framework was Laravel 5.0. Laravel uses csrf tokens to prevent cross-site request forgeries, you can disable that by editing app/Http/Kernel.php, commenting out this line:

 'App\Http\Middleware\VerifyCsrfToken',

Hope this helps someone.

Add comment · Show 1 · Share

shaneparsons · Jun 03, 2016 at 02:12 PM 0

Share

Is there a way to use the CsrfToken rather than disabling it?

Answer 3

If I understand correctly: both these solutions deactivate a security check on the frameworks.

I'm using Laravel and I wanted to keep the security active except for a few routes requested by my Unity game.

It would seem that Laravel offers this possibility (as described in Excluding URIs From CSRF Protection) but after many tests it didn't seem to work. Looking at the code, I'm not sure the $except var is used by the framework...

I found this solution wich does the trick.

Basically, rewrite the handle() funcion in App\Http\Middleware\VerifyCsrfToken.php so that it takes the $except var into account. Beware if you copy their code paste, they renamed $except to $except_urls.

 public function handle($request, Closure $next) {

         $regex = '#' . implode('|', $this->except_urls) . '#';
         if ($this->isReading($request) || $this->tokensMatch($request) || preg_match($regex, $request->path()))
         {
             return $this->addCookieToResponse($request, $next($request));
         }
 
         throw new TokenMismatchException;
     }

WWW+WWWForm 500 Internal Server Error

3 Replies

Your answer

Follow this Question

Related Questions