API Project CORS - for Mobile App - help!

Here’s what works for me on iOS and Android.

Yes, use credentials on all server connects.

In config.xml under the platform android section add the following ( I’m pretty sure this defaults to false and thus could be removed entirely, but I know having it works. :slight_smile: ):

<preference name="AndroidInsecureFileModeEnabled" value="false" />  

For both ios and android sections, include a hostname preference:

<preference name="hostname" value="domain.com" />

For ios only add scheme:

<preference name="scheme" value="app" />

I think that is all that is relevant in config.xml.

Now on the server project you need to enter the following in the CORS property:


If you are like me, I have multiple domains pointing to this, so I manually edit the config.json with an array of domains:

  "cors": {
    "origin": [

I’m using Cordova platforms ios 6.2.0 and Android 11.0.0 and targeting android sdk 32