I have a back-end with an API Flask Python. The server config is ready and I can test this. But when I launch ionic serve, I have some errors when my request returns. Here my configuration in my app.js:
app.config(function($stateProvider, $urlRouterProvider, $httpProvider) {
// Enable cross domain calls
$httpProvider.defaults.useXDomain = true;
// Remove the header used to identify ajax call that would prevent CORS from working
delete $httpProvider.defaults.headers.common['X-Requested-With'];
// Set api token
if(typeof API_TOKEN !== 'undefined') {
$httpProvider.defaults.headers.common['Authentication-Token'] = API_TOKEN;
}
if your code is correct the app should work just fine on the device but if you want to disable CORS when your on your PC you need to follow the next steps:
Create Chrome shortcut
right click > shortcut > Target: and enter at the end of the shortcut --disable-web-security
for example: e\Application\chrome.exe" --disable-web-security
3)close all chrome apps and chrome proccess(from the task managaer)
when you open the new chrome shortcut you will have a yellow warning says that web security is disabled.
CORS is something that is enabled on the server. you have to make sure that the headers that are sent by the queried server have
Access-Control-Allow-Origin *; (for nginx)
Once that is done, the issue should be resolved. The XML request is being blocked in your case, because these headers are not present in the server response.
In general @brokurt is right. In production you should enable it on your server side.
But during development the chrome startup parameter @Matangub described should do what you want.
And if you only want to test get request -> use could use JSONP Requests.
Yeah matangub posted this for chrome… so it will work for chrome and not for safari
Different browsers -> different behave and different customizable app parameters.
navigate to a new line and add: alias corsdev=’open -n -a /Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --args --disable-web-security’
ctrl-o (saves the file)
enter
ctrl-x
restart the terminal
Now if you open terminal and do corsdev it will open Chrome Canary with the disable-web-security-flag and you’ll be able to do cross origin requests (cors)!
You could of course do this with the ordinary chrome, but if you disable web-security it becomes unsafe, so it might not be so wise…
I instad use Canary for dev and do my googling safely in the ordinary chrome.
(anyone know a way of open a new instance of chrome? then you wont need canary)
@tobbe if there is the need to start chrome over terminal, you might simply type in (if there is the alias chrome, but it should be there for unix systems): google-chrome --disable-web-security
No need to configure env-variables and bash profile for no effect.
That solution is for nginx only. nginx has a location directive, under which you can write the following code.
Make/test your app and then remove it before production
Maybe good to use corsproxy for testing in browser or ionic.project file setup?
Works without .htaccess modifications.
Check here: Making REST call from Ionic
Another thing you can do is use Coherence. It makes you custom Chrome apps, which can be used for single sites or projects. Make a new one and disable security on that one, so you don’t have to worry about it with your main Chrome.