Cross domain issue with compiled app


I’ve made my first ionic application. It’s a complete app for a client. I’ve made all my tests with ‘ionic serve’ or ‘ionic cordova run android --device -l -c -s’. The application work all as expected. The app call an REST API on which I do not have the hand.
I’ve build the app with the commande ‘ionic cordova build --debug android’ to test on client device. but with this compiled APK, POST request are rejected, on devices and emulator (GET works fine). this is the error in server log : Invalid CORS request;Origin=Some(file://);Method=POST;Access-Control-Request-Headers=None

I send following header with my requests :

      headers.append("Content-Type", "application/json");
      headers.append("Access-Control-Allow-Origin", "*");
      headers.append("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
      headers.append("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");

I’ve tried to not send headers. I’ve also tried to use cordova-plugin-whitelist. nothing work. The result is always the same.

this is an exemple of a method that not working :

  validateCode(code: string): Promise<RequestResult> {

    const userId = localStorage.getItem('userId');
    let noError = true;

    if (userId !== null) {
      const endPoint = this.url + '/v1/tokens/craftsmen';
      const headers = this.initHeaders();
      const options = new RequestOptions({ headers: headers });
      return, { craftsmanId: userId, password: code }).toPromise()
        .then((response: Response) => {
          return response.json();
        }).catch(err => {
          console.log('SmsService.validateCode() error return : ' + JSON.stringify(err));

thanks for reading,

All this stuff you need to write on your server script not in the app script

The API developper says me it’s configured on is side too.

Have you tried ? => config.xml: <access origin="*" />

yes, i have this in my config.xml. also added this :

I’ve asked to the API developper to add file:// in CORS configuration. I think it’s not configured properly. Wait for his response.

it’s resolved. CORS rules wasn’t properly implemented in the API.

thanks for yours responses