App Mobile and API connection

I’m setting up a Mobile App that needs to get dynamic data from a MySQL database on a domain server.
In the Web Project of the website, I created a Server Action to list the data from the database with a Query.
In the Mobile App Project I have a page with Data Source API, which, by connecting to the Action’s php file, can correctly read the data from the database.
All is well, but unfortunately a strange thing happens.
In the Code Section of the page, no errors are reported, while in the Design Section, 2 errors appear that do not make me feel comfortable.
What is it about? And where should I take action to correct the errors?
Thank You

Recent versions of Chrome (which Wappler design uses) have started blocking cookies where the domain is not the same. In a mobile app, the domain will not match.

If the cookie in question is the security provider from your server action, then this should help…set the cookie to Secure and SameSite None:

If the cookie is your PHPSESSID cookie, then adding these to your php.ini should fix:

session.cookie_samesite = "None"
session.cookie_secure = 1

–Ken

3 Likes
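
Added example, not part of Ken's post or of Wappler's code: a small check that classifies `Set-Cookie` headers the way Chrome 80 and later treat them on a cross-site request, which is the situation described above. The header values are constructed placeholders.

```javascript
// Added example: would Chrome 80+ attach this cookie to a cross-site request
// (e.g. an app page calling a Server Action hosted on another domain)?
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') cookie.sameSite = v.trim().toLowerCase();
  }
  return cookie;
}

function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === 'none') {
    return c.secure
      ? { name: c.name, sent: true, reason: 'SameSite=None with Secure' }
      : { name: c.name, sent: false, reason: 'SameSite=None without Secure is rejected' };
  }
  if (c.sameSite === 'strict' || c.sameSite === 'lax') {
    return { name: c.name, sent: false,
             reason: `SameSite=${c.sameSite} is withheld from cross-site XHR/fetch` };
  }
  // Missing or unrecognised value: falls under the Lax default.
  return { name: c.name, sent: false, reason: 'no valid SameSite attribute, treated as Lax' };
}

// Constructed sample headers (session id is a placeholder).
const samples = [
  'PHPSESSID=abc123; path=/',
  'PHPSESSID=abc123; path=/; SameSite=None',
  'PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=None',
];
for (const h of samples) {
  const v = crossSiteVerdict(h);
  console.log(`${v.sent ? 'SENT   ' : 'BLOCKED'} ${h}  (${v.reason})`);
}
```

`session.cookie_samesite` is only honoured from PHP 7.3 onward, and a `Secure` cookie requires the Server Action to be served over HTTPS.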

Thank You
I understood the problem but didn’t understand where I need to make the change.

1 Like

I think it is necessary for me and for all those who intend to create a Mobile App, to clarify the correct procedure:
FIRST PART - API CREATION
1- We assume that there is a website with dynamic data from MySql database, created with Wappler
2- The first step is, if I’m not mistaken, to create an Action Server to extract the data from the database (connection to the DB and Data Query)
3- FIRST DOUBT Maybe instead of the normal Action Server, I need to use API Action Server? And in this case how does it work? Which URL should be entered?
4- SECOND DOUBT If the PHP file is generated by the Action Server it does not contain any data for authorizations, perhaps it is necessary to enter them manually?
Having said that, is it possible to give a brief example of the correct procedure for creating an API?

Correct assumption.

Again, correct.

No API required (Server Connect is your API); you just select the alternative Project containing the data source from the drop-down, and then select your Server Action from this source as required.

You will need to include the Content Security Policy Meta in your page to reflect the domain where the Server Connect Action is located.

Example below:

<meta http-equiv="Content-Security-Policy" content="img-src 'self' data:; default-src 'self' 'unsafe-inline' https://EXAMPLEDOMAIN.com/*/ https://*/ https://EXAMPLEDOMAIN2.com/*/; script-src 'self' 'unsafe-eval'; object-src 'self';">

https://*/

The above string allows for a *wildcard and usually allows for data sourced from any domain, but just to be safe we specify the parent domain itself.

I’ve included this and the domain string EXAMPLE.com and EXAMPLE2.com as an example, obviously replace with your data source domains…

You can use Security Restrict on your Server Actions to restrict access to specific user groups. The only problem here is that using the Security Provider only allows for PHP pages to work correctly (with an APP you can’t use PHP, you probably know this by now though), but on the back-end the Security Restrict step can send back an unauthorised flag which you can then interpret inside your application and redirect accordingly using the Browser component.

However! You can use Security Provider for your access purposes but the page protect will not work, hence using the Security Restrict on the back-end, which allows for a work-around. You can make use of the logged in users id, or whatever column you use to authorise access, but again this would be on the back-end and down to the groups you have specified there, and their respective permissions etc…

Hope that helps.


3 Likes
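
Added example, not part of the post above or of Wappler's code: a small linter for CSP `<meta>` tags like the one in that post. It flags an `http-equiv` name browsers do not enforce, host sources cut off from their directive by a misplaced `;`, `*` used inside a path, scheme-wide host wildcards, and `'unsafe-inline'`/`'unsafe-eval'`. The sample policies and `api.example.com` are constructed.

```javascript
// Added example: lint a CSP <meta> for mistakes that silently break or weaken it.
function lintCsp(httpEquiv, policy) {
  const findings = [];
  if (httpEquiv.toLowerCase() !== 'content-security-policy') {
    findings.push(`http-equiv="${httpEquiv}" is not enforced; use Content-Security-Policy`);
  }
  const isSource = t => /^(https?:|wss?:|data:|blob:|\*|')/i.test(t);
  for (const raw of policy.split(';')) {
    const [name, ...sources] = raw.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    if (isSource(name)) {
      // A source in directive position: a ";" ended the previous directive early,
      // and everything up to the next ";" is dropped as an unknown directive.
      findings.push(`misplaced ";": "${raw.trim()}" is ignored`);
      continue;
    }
    for (const src of sources) {
      const m = /^([a-z][a-z0-9+.-]*):\/\/([^/]+)(\/.*)?$/i.exec(src);
      if (m && m[2] === '*') findings.push(`${name}: ${src} allows every ${m[1]} host`);
      if (m && m[3] && m[3].includes('*')) {
        findings.push(`${name}: "*" in the path of ${src} is literal, not a wildcard`);
      }
      if (src === "'unsafe-inline'" || src === "'unsafe-eval'") {
        findings.push(`${name}: ${src} weakens injection protection`);
      }
    }
  }
  return findings;
}

// Constructed sample policies; api.example.com is a placeholder domain.
const EQUIV = 'Content-Security-Policy';
const broken = "img-src 'self' data:; default-src 'self' 'unsafe-inline'; " +
  "https://api.example.com/*/ https://*/ script-src 'self' 'unsafe-eval'; object-src 'self';";
const wide = "default-src 'self' 'unsafe-inline' https://api.example.com/*/ https://*/; " +
  "script-src 'self' 'unsafe-eval'";
const tight = "default-src 'self'; connect-src 'self' https://api.example.com; " +
  "img-src 'self' data:; script-src 'self'; object-src 'none'";

for (const [label, p] of [['broken', broken], ['wide', wide], ['tight', tight]]) {
  console.log(label, lintCsp(EQUIV, p));
}
```

In the `broken` sample the stray `;` also swallows `script-src`, so the script restrictions the author intended are never applied.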

@George @Teodor

Could this thread be relocated to the Mobile Apps area? Could be useful for others looking to do the same, and save repeating…

1 Like

What do you mean by Alternative Projects?
Maybe the Mobile App Project?

The workflow is explained here:

1 Like

The Project you have used as your data source (where your Server Connect Actions are created). Generally we have two Projects. One for the App structure/design itself and a second which will be used for your Server Connect Actions (data source). Project A is your App, and Project B is your source for data retrieved from your database.

Ahhh Teodor responded before me, but that’s the general idea.


Ok
I got lost, but then I had already reached that point, and in fact I was able to view texts and images from the database and it also worked on Android devices without any problem.
But the problem remains that of the beginning: how and where to configure Basic Authentication (Authorization - Cookie Option - SameSite - Secure).

Mario,
You need to set up TWO separate projects.
One project just for your server actions and another project for the mobile app.
From the mobile project you call the server actions just as you normally do, not using the API action.

Check the link I posted.

Ok Teodor
I was on the wrong track due to the fact that the visualization also worked with API Data Source.
However, 2 errors are detected while functioning.

Ken has already answered this above.

Sure, but I can’t understand where to find the box to configure Basic Authentication.

I don’t have a php.ini file.
Where do I find this box?

Hi Marzio,
Sorry for the delayed reply, have had a crazy morning.

Please see the below guide on the php.ini file. This is a server specific file relating to the options for PHP available to your hosting package and is not deployed by Wappler. It is a part of PHP and holds the configuration variables.

Thanks Dave
The problem is that the current project is based on a domain whose Hosting does not display the php.ini file.
I will contact the hosting maintainer to resolve it.
Thank you

1 Like

@Marzio

This may help. It doesn’t always work as the host can overrule it but it may work for you…?

Is worth a try!

You may be able to specify variables within your .htaccess file (REMEMBER TO BACKUP FIRST!).