http://localhost:8080/* breaks authenication #111
Comments
|
as in the other post. domain as |
|
Hi @awebdeveloper, You mean like? Couldn't make this up from the other post. Cheers, G |
|
Hi @awebdeveloper, I resolved it by allowing CORS to localhost:8080 too. But as you said it is not recommended. I want to understand why origin is set to localhost:8080 instead of *. I don't understand what you meant by ionic.local as well. |
|
i was refering to #3 (comment) |
|
same here, on my server I get http://localhost:8080 as origin instead of ionic.local |
|
I don't know what kind of security you are talking about, but the point of CORS is to prevent Cross Origin attacks: For example, someone injects malicious code in your side that performs HTTP requests to a different domain. Read this: https://blog.cloudflare.com/an-introduction-to-javascript-based-ddos/
WK 3.0 used a local webserver, because it is the only solution that works for all the use cases. |
|
OK agreed with all except para 2. But y did u change from ionic.local to localhost |
|
WKWebView is fully of little bugs, that makes it very difficult to use, localhost is the only solution that works for all use cases |
|
Thanks @manucorporat. Now I understand why localhost. Still don't think para 2 is correct. CSP is for para 2 . Cors is entirely server thing. Hacker could inject js and whitelist it on his server |
|
I guess this can be closed |
Hi all,
Great to see this new release with WkWebView.
We are running into a minor issue with our authentication provider, which throws an origin error: http://localhost:8080 is not allowed by Access-Control-Allow-Origin. Of course we could add it as a trusted source, however we would rather keep things tight from a security point of view.
So I am wondering why does this needs to be added to the config.xml and is there a way around it?
Cheers, G
The text was updated successfully, but these errors were encountered: