I'm working on a project to enhance our security by adding only the specific domain in our CORS server - Access-Control-Allow-Origin
We have a mobile app that was developed using cordova vuejs and we want to limit the api access into specific domain.
Option 1:
I tried to manually changed the Origin value in the Header but it is not allowed in browser app. It returned
xhr.js:108 Refused to set unsafe header "Origin" error when I manually update the Header Origin error.
Option 2:
Used proxy devServer.proxy in the FE (vue). This one works when the app is run in the browser. However, when the app was compiled and run into android phone, it did not work. It return noscript
I already tried updating the config but no luck. - https://stackoverflow.com/a/37398805/3150510
I would like to know if there is still another way we can achieve overriding the Origin header in cordova vuejs?
It has nothing to do with VueJS in a Cordova app. You can set your origin in the config.xml of Cordova such as:
<preference name="hostname" value="myapp.mydomain" />