@Aristona wrote:
Hey,
I'm new to Ionic and generally mobile development. Right now I'm stuck on a problem I can't solve. Let me explain you the problem.
First of all, I have a backend service written on NodeJS/Express that has the same authentication middleware between express-session and socket.io. So, if someone is authorized via express-session, he is automatically authorized to socket.io too.
Anyway, in order to get it to work, I had to do the following on my SigninController.
$http.post(`${Config.get("domain")}:${Config.get("port")}/login`, { email: $scope.user.email, password: $scope.user.password, type: "mobile" }, { withCredentials: true }).then(res => { SocketService.start().listen(); $state.go("app.home"); }).catch(res => { $scope.error = res.status; }) .finally(() => { $ionicLoading.hide(); });Please notice the following parameter:
{ withCredentials: true }Without this parameter, my mobile application doesn't receive any cookies. Hence, he cannot be authorized to socket.io and he has to enter his credentials again each time he restarts the app.
The problem starts here. Whenever
withCredentials: trueis passed as the third parameter, Angular expectsAccess-Control-Allow-Credentials'to betrue. It doesn't matter if I specify it asfalseon backend. It kind of forces it to betrue.Here is the problematic part. When
Access-Control-Allow-Credentialsistrue,Access-Control-Allow-Origincan't take*or array as a parameter. I can only allow a single domain.I've tried everything, including disabling CORS on my Chrome, relying on Ionic proxies, etc.
One of the following solutions could work in my case:
Get rid of
withCredentialsbut still be able to obtain the cookie somehow.Find a way to run APK on a certain domain on mobile (e.g myapp.app) so I can specify CORS header as
http://myapp.appSomething else?
It would be appreciated if you could help me in this case.
Thank you.
Posts: 1
Participants: 1