Do I need to add capacitor://localhost to allowed origins on my API server for an iOS capacitor app to be able to communicate with the API server?
Or does capacitor wrap fetch such that this shouldn’t be needed?
If you are using the web stack to make your calls then you need the following origins for CORS on your backend server (these are Capacitor’s defaults):
- iOS:
capacitor://localhost - Android:
http://localhost - Android:
https://localhost
If you are using CapacitorHttp, then CORS doesn’t apply as requests happen in native land outside of the browser. I always recommend sticking with the web stack for making requests if you can as the HTTP plugin adds an extra layer of complexity and latency.
I thought CapacitorHttp was capacitor’s default behaviour by now?
Nope.
By default, the patching of
window.fetchandXMLHttpRequestto use native libraries is disabled. (source)