How can I bypass CORS with Unity WebGL?

Hello, I am trying to read and write from a file. I uploaded my WebGL build to Itch.io. I have my server running on my Mac Terminal, it is at localhost:9000. When I run the game on Itch.io I get this error:
Access to XMLHttpRequest at ‘http://localhost:9000/getlevellist.php’ from origin ‘https://v6p9d9t4.ssl.hwcdn.net’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
My C#:
UnityWebRequest www = UnityWebRequest.Get(“http://localhost:9000/getlevellist.php”);
yield return www.SendWebRequest();
My PHP:

<?php
 /*if (isset($_SERVER['HTTPS_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTPS_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
        //header('Access-Control-Max-Age: 86400'); 
    }
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTPS_ACCESS_CONTROL_REQUEST_METHOD']))
            // may also be using PUT, PATCH, HEAD etc
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTPS_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTPS_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }*/
   
    //header ("Access-Control-Allow-Origin: *"); 
    //$text1 = $_POST["Data"];
  
   
        $file = fopen("ListLevel", "r");
    
    //echo fread($file, filesize("ListLevel"));
    echo file_get_contents("ListLevel");
    fclose($file);

?>  

How can I resolve this and bypass CORS? Thank you in advance.

@misher
I’ve seen things about headers before, but I have no idea where to put it. Do I put it in my Mac Terminal (because it’s my server), or do I put it in my PHP. I tried putting it there, but the PHP script is run every second, and it gave me an error. Where and how do I implement the header?

I can’t help you bypass CORS, but let me ask you this: assuming that you did get it working, what’s your next step? I mean, you can’t really expect everyone who wants to run the game, to have a PHP server running on their local machine, right? So what’s the plan to deal with that? Are you going to host your PHP on a publicly addressable server? Or replace the PHP component with something else? Heck, you could just ditch the PHP altogether and put the ListLevel file on a public server directly.

Whatever it is, maybe you should just go ahead and start implementing that, instead of wasting time on a temporary problem.,I can’t help you bypass CORS, but let me ask you this: assuming that you did get it working, what’s your next step? I mean, you can’t really expect everyone who wants to run the game, to have a PHP server running on their local machine, right? So what’s the plan to deal with that? Are you going to host your PHP on a publicly addressable server? Or replace the PHP component with something else? Heck, you could just ditch the PHP altogether and put the ListLevel file on a public server directly.

Whatever it is, maybe you should just ahead and start implementing that, instead of wasting time on a temporary problem.

@coslor

I cannot afford a server right now, but even if I could wouldn’t I have to still go through CORS. Changing my server just changes the address. Am I wrong?

To allow your origin you just add it like this:

header("Access-Control-Allow-Origin: Itch.io");

Or you can allow all origins like this:

header("Access-Control-Allow-Origin: *");