HttpClient CORS security issues

xabierjj · July 29, 2022, 1:04pm

Hello,

We are developing an ionic (Angular) application for ios and android that consumes a REST api we have developed. As you may know, in order to communicate with the backend, if we use the angular http client we have to configure the CORS by adding in the allowed headers capacitor://localhost and http://localhost.

Isn’t this a problem in terms of security? With this configuration any mobile application could make calls to our api, right?

twestrick · July 29, 2022, 1:55pm

Sure, another mobile application running on localhost could make requests to your API. But, really anyone could as well from the server side as CORS is only a browser/front-end mechanism.

Some ways to mitigate risk is having authentication for your API and rate limiting.

Topic		Replies	Views
CORS issue http client Ionic Angular	1	727	June 4, 2021
CORS issues with Ionic 4 and iOS device Ionic Framework	5	851	November 8, 2019
Ionic 4 android device CORS issue Ionic Framework	10	4353	December 16, 2019
Standard http client for ionic (Angular) Ionic Angular	3	3404	August 2, 2022
Problem with CORS and ionic serve Ionic Framework	33	12804	April 20, 2021

HttpClient CORS security issues

Related topics