Can't Send a form to a server(POST) due to CORS error in a WEBGL build

At the beginning i am not fully understanding http and web request so correct me if i am wrong.
I am currently working on a game and it will be hosted on a server as a webgl build
at the very beginning of the game the player sends some information to an API. The API has an ip whiteList ( i guess it is set via CORS ). but when i send a request i get a response code = 0 and i cannot connect to the server. Although my host domain is added to the whitelist.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at

my questions are.

  • when i send the request in an webgl build what is the ip and the host that sends that request? is it the server that hosts the webgl or the device that runs it(browser based) ?
  • If so, how to establish a connection and fix this problem?

Thanks in avance.

Well you haven’t said where your WebGL content is hosted loaded from. The same origin policy is not about IPs, it’s about domains. If you host your content on a certain server, say then the content that is loaded in the browser is only allowed to access other resources on the same domain. So whatever API you want to access has to be on the domain. If your API is located on another server / domain, that other server has to implement CORS and specifically allow access from other domains. Either a wildcard, allowing any other domain to access your API, or you restrict it do your own domain.

However that is usually not an issue since in most cases you would host your webgl content on the same server anyways. If you really host your actual game somewhere else, it depends on the server where you API is located. If it’s an apache server, have a look over here. Note that many free hosters do not allow direct access to the server config. They often have policies that you are not allowed to use their service as a pure backend and might even have anti bot measures in place which makes those hosters pretty useless for such cases.

Note that if you “test” your webgl build locally, so you just open the html file from your HDD your server has to have CORS setup. Many browsers are actually even stricter with content loaded from the clients HD. For example relative paths that go one level up are not allowed. Otherwise a website loaded locally would have access to your whole HDD

I would generally recommend when you want to test your build, upload it to your actual server and test it on the server. I run an apache server on my raspberry pi. I also have a samba server installed so I have direct disc access to my “webspace” folder on my rpi. So I can simply copy the content directly onto my server. If you have an externally hosted server you usually have FTP access to your webspace.