Step 7: Testing & troubleshooting
Testing
You can use your real API key from the start — there is no separate sandbox key.
- Register your site URL in the dashboard (exact domain match required).
- Deploy your React app to that domain (not
localhost). - Open browser DevTools → Console.
- Click your ad trigger.
- You should see the lifecycle in order:
loaded→started→firstQuartile→midpoint→thirdQuartile→complete.
For React Native, run on a device/simulator with the WebView pointed at your
deployed https:// page, and watch the JS console (Flipper, Safari Web
Inspector for iOS, or chrome://inspect for Android) for the same sequence.
Troubleshooting
| Symptom in the console | Cause | Fix |
|---|---|---|
postMessage … Invalid target origin 'null' | Page running at a null origin — a sandboxed iframe missing allow-same-origin, a file:// / data: / blob: page, or a CSP sandbox directive (see below) | Restore a real origin: add allow-same-origin to the iframe, or serve from the deployed https:// URL |
AdError 303: No Ads VAST response | No demand matched — usually a null origin (see below) or an unregistered / missing-ads.txt domain | Fix the origin; use the registered domain; confirm ads.txt is live (Step 6) |
No Prebid bid — GAM only | Normal — the header-bidding auction returned no bid and the request fell through to the ad server | None; informational |
| Ad never opens, no errors | SDK not loaded yet, or the trigger isn't a user gesture | Wait for ready; trigger from a click/tap |
| Player opens but the anchor is missing | injectionElementId div not in the DOM | Render the anchor div and keep it mounted |
Duplicate <script> warnings in dev | React Strict Mode double-invokes effects | The hook already dedupes; ignore in dev |
window.initializeAndOpenPlayer is not a function | Calling before the SDK finished loading | Gate calls behind the hook's ready flag |
For the complete list of ad-error type strings (the ~38 VAST/IMA codes
returned by error.getError().data), see the
Local callback error codes
reference.
When the origin is null
A null origin is the single most common cause of silent no-fill, and it is
not limited to React Native — a plain React, Next.js, Vite, or CRA app hits
the exact same failure whenever the browser strips the page's origin. When the
SDK reports a null origin, the consent postMessage fails
(Invalid target origin 'null') and the ad request returns
AdError 303: No Ads, even though your domain, API key, and ads.txt are all
correct.
Check whether any of these apply to the context the SDK is running in:
- Sandboxed iframe — the SDK (or your game) is inside an
<iframe sandbox="…">that does not includeallow-same-origin. A sandboxed iframe reports its origin asnullto everything inside it. Addallow-same-origin(keepallow-scriptsas well):sandbox="allow-scripts allow-same-origin". If you control the embed, the simplest fix is to drop thesandboxattribute entirely. - Non-
httpspage — the page was opened as afile://,data:, orblob:URL (common when testing a build locally by double-clicking the HTML). Serve it from the deployedhttps://URL instead. - CSP
sandboxdirective — aContent-Security-Policy: sandbox …response header (withoutallow-same-origin) does the same thing as a sandboxed iframe. Remove the directive or addallow-same-originto it.
To confirm what the browser sees, run console.log(window.origin) (or
document.location.origin) on the page that hosts the SDK. If it prints
"null" instead of your https:// domain, one of the above is the cause.
For React Native WebView specifically, the same rule plus the WebView setup is covered in Step 4.
Still stuck?
- Confirm the page's origin is a real
https://domain, notnull— see When the origin isnull. It is the cause of most "no ads" reports, on both web and mobile. - Confirm your domain is registered (exact match) and
ads.txtis live. - Email support@applixir.com with the domain, your API key, and a console log — that is exactly what lets us diagnose fill issues fastest.