Ionic-framework: CORS error with "Origin file://"

Created on 8 Aug 2017 · 4Comments · Source: ionic-team/ionic-framework

Ionic version: (check one with "x")
[ ] 1.x (For Ionic 1.x issues, please use https://github.com/ionic-team/ionic-v1)
[ ] 2.x
[x] 3.x

I'm submitting a ... (check one with "x")
[x] bug report
[ ] feature request
[ ] support request => Please do not submit support requests here, use one of these channels: https://forum.ionicframework.com/ or http://ionicworldwide.herokuapp.com/

Current behavior:
On doing a post for example over "https://abc.page.com/login" from device (production mode) we got an "CORS" error because in the request there is a Origin header.
As described in a very old article http://blog.ionic.io/handling-cors-issues-in-ionic/, shouldn't there be no problem for an http request and handling CORS?

This is the created request header:

Request Headers
Provisional headers are shown
Accept:application/json, text/plain, */*
content-type:text/plain
Origin:file://
User-Agent:Mozilla/5.0 (Linux; Android 7.0; SM-G920F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Crosswalk/23.53.589.4 Mobile Safari/537.36

Should there be an origin??? If yes and if the maintainer of the service is checking for Origin we are not able to call any services checking this.

Ionic info: (run ionic info from a terminal/cmd prompt and paste output below):

cli packages: (/..../web-client-ionic/node_modules)
    @ionic/cli-plugin-cordova       : 1.6.2
    @ionic/cli-plugin-ionic-angular : 1.4.1
    @ionic/cli-utils                : 1.7.0
    ionic (Ionic CLI)               : 3.7.0

global packages:
    Cordova CLI : 7.0.1 

local packages:
    @ionic/app-scripts : 2.1.3
    Cordova Platforms  : android 6.2.3
    Ionic Framework    : ionic-angular 3.6.0

System:
    Android SDK Tools : 26.0.2
    Node              : v6.11.1
    OS                : Linux 4.10
    npm               : 5.3.0

Source

mburger81

👍1

All 4 comments

Hello! Thanks for opening an issue with us! As this seems like more of a support question I will urge that you ask this question on our forum or on our slack channel. Thanks for using Ionic!

jgw96 on 8 Aug 2017

👎2

@jgw96 Honestly I know this is not a BUG of ionic-angular this is probably a BUG for cordova / crosswalk, I opened also a bug there.
https://github.com/crosswalk-project/cordova-plugin-crosswalk-webview/issues/155

But also honestly, this is a bug problem and there are many forum posts and some issues referring this problem. IMO and for what I know, it is as specified per RFC that a web-server have to check the origin, and there are so many maintainers which do this and which would not change this behavior.

But on no posts we can find a solution on ionic/cordova/crosswalk side, but I think finding a solution and document it would be very very important.

It would be really nice if someone can jump into this problem.

Thx
Michael

Edit:
There is also an opened issue on cordova for that
https://issues.apache.org/jira/browse/CB-469?jql=text%20~%20%22origin%20file%22

mburger81 on 8 Aug 2017

👍1

This is definitely an Ionic bug, as it doesn't happen with bare Cordova. It keeps on being reported, but is always closed as "more of a support question", which it is not!

What is the expected workaround here; allowing file:// as an origin in our server applications? This is a hack and doesn't feel right, to put it mildly.

Ideally, requests would just have null set as origin header value.