Capacitor cors question

I have an ionic application which is running perfectly fine on Android/iOS, but I need to clarify few things.

The app uses native Google Auth ( @codetrix-studio/capacitor-google-auth) which is running fine on:

1- The web using [ionic serve]
2- Natively using [ionic cap run android/ios --livereload - -external]

On the web and using chrome dev tools I found the cors origin to be http://localhost:8100, which is added to GCP/credentials /Authorized JavaScript origins.

However when running ionic cap run android/ios --livereload - -external, the origin is which not added to GCP/credentials /Authorized JavaScript origins and the app still running fine which according to my understanding should not since I am not using any proxy.

Another thing I do not understand is how to know the cors origin of native build without --livereload --external.

Hope to get clarifications regarding these thoughts.

You are using a plugin, the plugin uses native connections, native connections are not restricted by CORS

That makes sense. I also verified that, no outgoing network requests are generated if using the native plugin.

Many thanks for your help.

i have another question related to this point.
I went through this article but could not understand it properly.

First case: The origin resulting from the command ionic serve is http://localhost:8100.
Second case: The origin of ionic cap run android is http://localhost.

Why would angularfire signInWithRedirect and signInWithPopup work in case 1 and not in case 2?