UnityWebRequest not working in WebGL build

My game works perfectly fine from within the Unity editor, but as soon as I upload the WebGL build to my website, everything works until I click the leaderboard button which contains the Unitywebrequest. I have been working on this for awhile, trying to understand. Thank you in advance.

Here’s the script:

IEnumerator GetScores()
{
    using (UnityWebRequest www = UnityWebRequest.Get(webURL + publicCode + "/quote"))
    {
        yield return www.SendWebRequest();

        if (www.isNetworkError || www.isHttpError)
        {
            Debug.Log(www.error);
        }
        else
        {
            string results = www.downloadHandler.text;
            string[] splitResults = results.Split(new char[] { ',', '

’ }); //Contains lots of “Joshua16” “16” “0” “” “1/24/2019 10:26:08 PM”

            string[] TenNames = new string[10];
            string[] TenScores = new string[10];
            for (int j = 0; j < 50; j++)
            {
                if (j == 0 || j == 5 || j == 10 || j == 15 || j == 20 || j == 25 || j == 30 || j == 35 || j == 40 || j == 45)
                {
                    splitResults[j] = splitResults[j].Trim('\"');
                    TenNames[j / 5] = splitResults[j];
                }
                if ((j == 1 || j == 6 || j == 11 || j == 16 || j == 21 || j == 26 || j == 31 || j == 36 || j == 41 || j == 46))
                {
                    splitResults[j] = splitResults[j].Trim('\"');
                    TenScores[j / 5] = splitResults[j];
                }
            }

            OneName.text = TenNames[0];
            OneScore.text = TenScores[0];
            TwoName.text = TenNames[1];
            TwoScore.text = TenScores[1];
            ThreeName.text = TenNames[2];
            ThreeScore.text = TenScores[2];
            FourName.text = TenNames[3];
            FourScore.text = TenScores[3];
            FiveName.text = TenNames[4];
            FiveScore.text = TenScores[4];
            SixName.text = TenNames[5];
            SixScore.text = TenScores[5];
            SevenName.text = TenNames[6];
            SevenScore.text = TenScores[6];
            EightName.text = TenNames[7];
            EightScore.text = TenScores[7];
            NineName.text = TenNames[8];
            NineScore.text = TenScores[8];
            TenName.text = TenNames[9];
            TenScore.text = TenScores[9];

        }
    }
}
public void getScores()
{
    StartCoroutine(GetScores());
}

IEnumerator PostScores()
{
    using (UnityWebRequest www = UnityWebRequest.Get(webURL + privateCode + "/add/" + UnityWebRequest.EscapeURL(nameField.text) + "/" + PlayerPrefs.GetFloat("currentHighScore")))
    {
        yield return www.SendWebRequest();
        if (www.isNetworkError || www.isHttpError)
        {
            Debug.Log(www.error);
        }
        else
        {
            Debug.Log("Form Upload Complete!");
        }
    }
    getScores();
}
public void postScores()
{
    StartCoroutine(PostScores());
}

Maybe a CORS issue?

My first guess also was that it may be a permission issue. However i had a look at the network analysis of my firefox and there was no attempt of the two get requests whatsoever. So i simply checked the browser console and i’ve immediately found the issue ^^.

The URL you’re trying to access is an “http” address while your site is hosted on an https server. https and http can not be mixed. The browser itself will block any http request from inside a https site.

Your URL starts with http://dreamlo.com/...

If I allow / unblock mixed content in my Firefox for your website (see here if you use firefox), the requests go through and i see the leaderboard. However this is not an option. A secure website has to handle all requests over https. Though it looks like that “dreamlo” website doesn’t support ssl and doesn’t have a certificate as well. So i would strongly recommend to not using this site. On the wiki there’s a simple example how to setup your own server side highscore if your webserver supports PHP and provides a mysql database. Of course you would use https URLs and not http :slight_smile:

As final note: Everybody can see the “privateCode” in the request URL. So it’s extremely easy to “cheat”. Though this can’t really be prevented