I can't seem to solve my CORS issue. Details inside



I’m new to Ionic and generally mobile development. Right now I’m stuck on a problem I can’t solve. Let me explain you the problem.

First of all, I have a backend service written on NodeJS/Express that has the same authentication middleware between express-session and socket.io. So, if someone is authorized via express-session, he is automatically authorized to socket.io too.

Anyway, in order to get it to work, I had to do the following on my SigninController.

$http.post(`${Config.get("domain")}:${Config.get("port")}/login`, {
        email: $scope.user.email,
        password: $scope.user.password,
        type: "mobile"
    }, {
        withCredentials: true
    }).then(res => {
    }).catch(res => {
        $scope.error = res.status;
    .finally(() => {

Please notice the following parameter:

   withCredentials: true

Without this parameter, my mobile application doesn’t receive any cookies. Hence, he cannot be authorized to socket.io and he has to enter his credentials again each time he restarts the app.

The problem starts here. Whenever withCredentials: true is passed as the third parameter, Angular expects Access-Control-Allow-Credentials' to be true. It doesn’t matter if I specify it as false on backend. It kind of forces it to be true.

Here is the problematic part. When Access-Control-Allow-Credentials is true, Access-Control-Allow-Origin can’t take * or array as a parameter. I can only allow a single domain.

I’ve tried everything, including disabling CORS on my Chrome, relying on Ionic proxies, etc.

One of the following solutions could work in my case:

  1. Get rid of withCredentials but still be able to obtain the cookie somehow.

  2. Find a way to run APK on a certain domain on mobile (e.g myapp.app) so I can specify CORS header as http://myapp.app

  3. Something else?

It would be appreciated if you could help me in this case.

Thank you.


Did you solve this problem ? I have same issue.