can't use backendless API in javascript BL with domain control

I have set simple custom event in javascript BL:

Backendless.enablePromises();
Backendless.ServerCode.customEvent('myCustomEvent', function(req) {
    
    var tStore = Backendless.Data.of('myTable');
 
    return tStore.findById('XXXXXXXXX');
});

it worked fine with default * Domain Control, but when I changed it to my domain I received error
“Wrong domain”,“statusCode”:400
As I understand, this call actually goes not from my domain, but isn’t it obvious that backendless server should be allowed by default? I tried add api.backendless.com, backendless.com, develop.backendless.com but still got this error

Hi Yuriy,

Could you please check what’s the value of the “Origin” header of your request?

Sorry, can’t quite get what you mean, I’m calling backendless API with standard backendless sdk, should I debug/modify it?

You’re using Javascript SDK, right?

Yup

Now we are testing this functional. We write here about results.

hi!

Could you provide more information how you invoke this custom event (where this code located)?

Sure. After your question I realized that I only tried with debugged BL, not deployed. Now I tried to deploy BL and it works. So, was it because of debug?

Update: Nope, that’s not that easy. I tried a few minutes later and it gave same error. Now I’m not even sure that it worked first time - maybe when I changed domain control from * to my site I tested too soon for changes to take effect?
As to invoking custom event, it’s like this:

var eventArgs = {param:"test"};
        var successHandler = function( response ) {
            console.log('successHandler ' + JSON.stringify(response));
        };
        var errorHandler = function( response ) {
            console.log('errorHandler ' + JSON.stringify(response));
        };
        Backendless.Events.dispatch( "myCustomEvent", eventArgs, new Backendless.Async( successHandler, errorHandler ) );

So, isn’t it the same problem as discussed here?

forgot to include link:
http://support.backendless.com/t/domain-control-not-working-at-all

Hello Yuriy,
Please re-check whether your code sends request “Origin” header correctly.
Artur

since I’m using javascript backendless SDK what’s your advice on how to inspect resulting call requests?

Using network tab in browser console

I’m receiving error for javascript running in Business Logic, in your servers. You want me to check origin in client browser requests that goes to backendless and starts BL procedure?

You can inspect headers in Browser Console on Network tab
http://storage9.static.itmages.com/i/16/0608/h_1465408937_9938034_aa0a596765.png</img>

Oh boy, it’s going round and round.
I still have the feeling that you think that it’s requests in my client browser got errors when using backendless sdk. Whereas my client js calling backendless sdk just fine, with or without domain control. And yes, I checked headers - origin is here. But, why should I check headers on my client browser requests? The error generates in Business Logic javascript code, when BL code uses standard backendless SDK.
My browser javascript calls custom event in my BL.
If my custom event don’t have calls to backendless sdk, like if it only consist of “return Promise.resolve(“okee”);” It runs just fine with or without domain control.
If, in Business Logic Custom Event I use call to backendless sdk (like find or save) and I don’t set domain control - it runs fine. But if I set domain control - I’ve got error about wrong domain.
From within Business Logic Javascript code.
Please, pretty please with sugar on top, tell me that you did from the very beginning understand that it’s about BL javascript and not browser client js

Hi Yuriy,

I am pretty clear about the problem. The domain control feature should ignore any request which has not originated from a browser (which it obviously doesn’t do right now). One way I can think of we could do it is by checking the API key (secret key) provided in the request. If it is the JS Secret Key, then we enforce the domain control policy for the provided domains, otherwise, the calls go through. Does it sound reasonable?

I guess it’s sounds reasonable, yes. Although I thought you just would “white list” your own backendless servers, so Business Logic would be always in list of allowed.