I KNOW
I wrote this is the OPPOSITE (sorry for APPOSITE)
The examples are DISABLING CORS and I wrote we have the OPPOSITE so ENABLED CORS CHECK on SERVER.
You can NOT do something like this: curl -H "Origin: http://localhost:8100" http://blabla.com/cloud
You will get a 403 error, which IMO in this case is the same thing as a CORS issue, and the browser doesn’t matter!
Yes, but that is not the use case the service proxy of the Ionic CLI is built for.
Open an issue for Ionic CLI on GitHub and maybe there is already a solution to disable the Origin header, or the developer agrees that removing the Origin header is a valid change and it will be implemented.
We found a workaround: we start another node proxy which handles the Origin and other things like cookie rewriting. This is the server.js we use for the standalone proxy:
```
var http = require('http'),
    httpProxy = require('http-proxy');

var proxy = httpProxy.createProxyServer({});

// Outgoing request: overwrite the Origin header so the server's Origin check passes.
proxy.on('proxyReq', function (proxyReq, req, res, options) {
  proxyReq.setHeader('Origin', 'https://bla.bla.com');
});

// Incoming response: strip the Secure flag from every Set-Cookie header so the
// browser keeps the cookie for the plain-HTTP localhost origin.
proxy.on('proxyRes', function (proxyRes, req, res) {
  let existingCookies = proxyRes.headers['set-cookie'],
      rewrittenCookies = [];

  if (existingCookies !== undefined) {
    // A single Set-Cookie header may arrive as a string; normalise to an array.
    if (!Array.isArray(existingCookies)) {
      existingCookies = [existingCookies];
    }

    for (let i = 0; i < existingCookies.length; i++) {
      rewrittenCookies.push(existingCookies[i].replace(/;\s*?(Secure)/i, ''));
    }

    proxyRes.headers['set-cookie'] = rewrittenCookies;
  }
});

// Forward every request to the HTTPS backend; changeOrigin rewrites the Host header.
var server = http.createServer(function (req, res) {
  proxy.web(req, res, {
    target: 'https://bla.bla.com',
    changeOrigin: true
  });
});

console.log("listening on port 5050");
server.listen(5050);
```
And our ionic.config.json for the proxy part is like this
In this case we proxy from an insecure http://localhost to a secure httpS://bla.bla.com server. The last server returns a SECURE COOKIE, and we have to remove the SECURE flag from the cookie; if not, in the second request the AUTH cookie will not be passed to the first proxy.
The solution for my ORIGIN problem is:
the combination of the ionic (node) proxy and our second (node) proxy
in our proxy the solution for removing origin is proxyReq.setHeader('Origin', 'https://bla.bla.com');
and changeOrigin: true
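The Secure-flag rewrite from the server.js above, as an added example that is not part of the original posts: it parses each Set-Cookie header by attribute instead of using a regex, and goes a step further by handling the two cases where dropping Secure makes a browser reject the cookie (SameSite=None, and the `__Secure-` / `__Host-` name prefixes). The function names and sample headers are hypothetical and constructed for illustration; a rewrite like this belongs only in a local development proxy.

```javascript
// Added example: attribute-aware Set-Cookie rewrite for a local HTTP dev proxy.
// Function names are hypothetical; the sample headers are constructed.

// Rewrite one Set-Cookie value so a browser on http://localhost will keep it.
// Returns { cookie, unusable }; unusable is true when the cookie cannot work
// without the Secure attribute.
function rewriteSetCookie(header) {
  const parts = header.split(';').map(function (p) { return p.trim(); });
  const nameValue = parts[0];
  const name = nameValue.split('=')[0];

  // Browsers reject __Secure- and __Host- cookies that lack Secure, so
  // stripping the flag would silently lose them. Report instead of rewriting.
  if (/^__(Secure|Host)-/.test(name)) {
    return { cookie: header, unusable: true };
  }

  const attrs = [];
  for (const attr of parts.slice(1)) {
    if (attr === '') continue;
    const key = attr.split('=')[0].trim().toLowerCase();
    if (key === 'secure') continue;          // match the attribute name exactly
    if (key === 'samesite' && /=\s*none$/i.test(attr)) {
      attrs.push('SameSite=Lax');            // SameSite=None is only valid with Secure
      continue;
    }
    attrs.push(attr);
  }
  return { cookie: [nameValue].concat(attrs).join('; '), unusable: false };
}

// Normalise the header (string, array or undefined) and rewrite every cookie.
function rewriteAll(setCookie) {
  const out = { cookies: [], unusable: [] };
  if (setCookie === undefined) return out;
  const list = Array.isArray(setCookie) ? setCookie : [setCookie];
  for (const h of list) {
    const r = rewriteSetCookie(h);
    (r.unusable ? out.unusable : out.cookies).push(r.cookie);
  }
  return out;
}

// Constructed sample input.
console.log(rewriteAll([
  'AUTH=abc123; Path=/; Secure; HttpOnly; SameSite=None',
  'theme=SecureDark; Path=/',
  '__Host-sid=xyz; Path=/; Secure'
]));
```

In a `proxyRes` handler, the `cookies` array would be assigned to `proxyRes.headers['set-cookie']`, and anything in `unusable` logged so a missing session cookie is not mistaken for a server-side failure.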