问题
As so many others I have the problem with a RESTful service we are calling.
This service as so many others has an ORIGIN check. Using Cordova & Ionic doing the request from android app set the origin to file:// which is good for browser cors check but not good for the service, they doesn't allow this schema for origin. As others the allow only empty origin or the same origin.
On many posts I read the wrote you can handle this with whitelist plugin or with CSP. But I think this absolutly incorrect. With whitelist you can not work on the origin header and CSP has nothing to do with it.
So the last few days I spend hundreds of hours and googled and tested different solutions and different plugins. But the solution is not there and not simple.
At the moment I'm testing cordova plugins for http and websocket requests, to do native http and websocket calls, this is working great for the SOP problem but there are some problems with cookies. I tryied to found a solution on a Custom WebView where we can elimante the Origin header from request but this was to difficult for us.
Can someone help on this problem?
I'm not the only guy which has to call a SOP protected resource over the internet from a mobile hybrid app. Why there is no simple solution for it?
Edit: I created a issue on cordova for it https://issues.apache.org/jira/browse/CB-13194
回答1:
In such a case, aren't you looking to adjust the server-side CORS handling? I'm sure you've seen it in your searching, but https://enable-cors.org/server.html.
You can't/shouldn't be able to change the origin of the request from the client making the request (effectively spoofing). If changing the CORS settings at the server is not an option, you may need to look at proxying your requests to a server you control, which can then be added to the list of allowed origins on the target protected resources.
来源:https://stackoverflow.com/questions/45758914/cordova-or-phonegap-http-requests-and-same-origin-policy-problems