CORS error on XHR request but only on android (iOS works fine...)

Question

I have an android/iOS app made with Capacitor that serve a html file that make XHR request to my server.

It works fine on iOS emulator/device, but not on android emulator. I get the following error

File: http://example.com/ - Line 0 - Msg: Access to XMLHttpRequest at 'https://example.com/api/users/me?_=1644242401129' from origin 'http://example.com' has been blocked by CORS policy: 
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I do have an Access-Control-Allow-Origin set. Proof is that it works on iOS with the following origin allowed :

capacitor://example.com

But on android, it looks like the origin used is http://example.com as the errors says.

I did allow this url on my headers 'Access-Control-Allow-Origin' but it still fail and get me the same error.


    $allowed_domains = [
        'https://example.com',
        'http://example.com',
        'capacitor://example.com', //iOS working fine       
    ];

    if (in_array($_SERVER['HTTP_ORIGIN'], $allowed_domains)) {

        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
        header('Access-Control-Allow-Credentials: true');
    }

    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

       header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
       header('Access-Control-Allow-Headers: origin, content-type, accept, API');
       header('content-type: application/json; charset=utf-8');
       http_response_code(200);
       exit;
    }

CORS error on XHR request but only on android (iOS works fine...)

Answers (1)

Related Questions